CVE List - 2022 / April

Showing 1401 - 1500 of 2039 CVEs for April 2022 (Page 15 of 21)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0765 | 2022-04-18 | Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting |
| CVE-2022-0780 | 2022-04-18 | SearchIQ < 3.9 - Unauthenticated Stored XSS |
| CVE-2022-0785 | 2022-04-18 | Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi |
| CVE-2022-0879 | 2022-04-18 | Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting |
| CVE-2022-0994 | 2022-04-18 | Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1001 | 2022-04-18 | WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1020 | 2022-04-18 | Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call |
| CVE-2022-1037 | 2022-04-18 | EXMAGE < 1.0.7 - Admin+ Blind SSRF |
| CVE-2022-1054 | 2022-04-18 | RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export |
| CVE-2022-1063 | 2022-04-18 | Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1088 | 2022-04-18 | Page Security & Membership <= 1.5.15 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1090 | 2022-04-18 | Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1091 | 2022-04-18 | Safe SVG < 1.9.10 - SVG Sanitisation Bypass |
| CVE-2022-1112 | 2022-04-18 | Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-24863 | 2022-04-18 | Denial of service in http-swagger |
| CVE-2022-29457 | 2022-04-18 | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. |
| CVE-2022-24841 | 2022-04-18 | Improper Authorization in github.com/fleetdm/fleet |
| CVE-2022-29153 | 2022-04-19 | HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints.... |
| CVE-2022-1329 | 2022-04-19 | Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution |
| CVE-2022-28108 | 2022-04-19 | Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. |
| CVE-2022-1065 | 2022-04-19 | Multi Factor Authentication Bypass in various versions of Abacus ERP |
| CVE-2022-0645 | 2022-04-19 | Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in posthog/posthog |
| CVE-2021-43129 | 2022-04-19 | A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu... |
| CVE-2022-27927 | 2022-04-19 | A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through... |
| CVE-2021-41570 | 2022-04-19 | Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. |
| CVE-2022-26593 | 2022-04-19 | Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject... |
| CVE-2022-26595 | 2022-04-19 | Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups,... |
| CVE-2022-29315 | 2022-04-19 | Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. |
| CVE-2021-44519 | 2022-04-19 | In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. |
| CVE-2021-39033 | 2022-04-19 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned... |
| CVE-2021-39072 | 2022-04-19 | IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability... |
| CVE-2021-39076 | 2022-04-19 | IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585. |
| CVE-2021-39078 | 2022-04-19 | IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589. |
| CVE-2022-25648 | 2022-04-19 | Command Injection |
| CVE-2022-27055 | 2022-04-19 | ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database... |
| CVE-2022-27104 | 2022-04-19 | An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. |
| CVE-2022-24825 | 2022-04-19 | Smokescreen SSRF via deny list bypass |
| CVE-2022-27862 | 2022-04-19 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE |
| CVE-2022-27863 | 2022-04-19 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability |
| CVE-2022-1385 | 2022-04-19 | Invitation Email is resent as a Reminder after invalidating pending email invites |
| CVE-2022-1384 | 2022-04-19 | Authorized users are allowed to install old plugin versions from the Marketplace |
| CVE-2021-26627 | 2022-04-19 | EDrhyme QCP 200W Information Exposure Vulnerability |
| CVE-2021-26625 | 2022-04-19 | tobesoft Nexacro arbitrary file download vulnerability |
| CVE-2021-26626 | 2022-04-19 | tobesoft XPLATFORM Arbitrary file execution Vulnerability |
| CVE-2022-25788 | 2022-04-19 | A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary... |
| CVE-2022-27527 | 2022-04-19 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020. |
| CVE-2022-0992 | 2022-04-19 | The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up... |
| CVE-2022-28221 | 2022-04-19 | CleanTalk AntiSpam <= 5.173 Reflected XSS |
| CVE-2022-1119 | 2022-04-19 | The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated... |
| CVE-2022-1187 | 2022-04-19 | The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in... |
| CVE-2022-0993 | 2022-04-19 | The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up... |
| CVE-2021-4096 | 2022-04-19 | Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload |
| CVE-2022-1186 | 2022-04-19 | The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to and including 1.1.5. |
| CVE-2022-28222 | 2022-04-19 | CleanTalk AntiSpam <= 5.173 Reflected XSS |
| CVE-2021-23283 | 2022-04-19 | Security issues in Eaton Intelligent Power Protector (IPP) |
| CVE-2022-21404 | 2022-04-19 | Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network... |
| CVE-2022-21405 | 2022-04-19 | Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer). The supported version that is affected is 18.3. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2022-21409 | 2022-04-19 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2022-21410 | 2022-04-19 | Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having... |
| CVE-2022-21411 | 2022-04-19 | Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged... |
| CVE-2022-21412 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21413 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21414 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21415 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21416 | 2022-04-19 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2022-21417 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged... |
| CVE-2022-21418 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network... |
| CVE-2022-21419 | 2022-04-19 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.5.0.0.0 and 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2022-21420 | 2022-04-19 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2022-21421 | 2022-04-19 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable... |
| CVE-2022-21422 | 2022-04-19 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability... |
| CVE-2022-21423 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access... |
| CVE-2022-21424 | 2022-04-19 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). The supported version that is affected is 12.0.0.4. Easily exploitable vulnerability allows low... |
| CVE-2022-21425 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21426 | 2022-04-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,... |
| CVE-2022-21427 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high... |
| CVE-2022-21430 | 2022-04-19 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability... |
| CVE-2022-21431 | 2022-04-19 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Easily exploitable vulnerability allows... |
| CVE-2022-21434 | 2022-04-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,... |
| CVE-2022-21435 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21436 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21437 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21438 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21440 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21441 | 2022-04-19 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2022-21442 | 2022-04-19 | Vulnerability in Oracle GoldenGate (component: OGG Core Library). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure... |
| CVE-2022-21443 | 2022-04-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2,... |
| CVE-2022-21444 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows... |
| CVE-2022-21445 | 2022-04-19 | Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2022-21446 | 2022-04-19 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple... |
| CVE-2022-21447 | 2022-04-19 | Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2022-21448 | 2022-04-19 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2022-21449 | 2022-04-19 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle... |
| CVE-2022-21450 | 2022-04-19 | Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub product of Oracle PeopleSoft (component: My Links). The supported version that is affected is 9.1. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2022-21451 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high... |
| CVE-2022-21452 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2022-21453 | 2022-04-19 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2022-21454 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability... |
| CVE-2022-21456 | 2022-04-19 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2022-21457 | 2022-04-19 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker... |