CVE-2022-3132 (goolytics)
The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting...
CVE-2022-3125 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like...
CVE-2022-3124 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of...
CVE-2022-2839 (zephyr_project_manager)
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users...
CVE-2022-2763 (wp_socializer)
The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as...
CVE-2022-2628 (dsgvo_all_in_one_for_wp)
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege...
CVE-2022-1480
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was...
CVE-2022-32173 (orchardcore)
OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, allowing an authenticated user with an editor security role to inject a persistent HTML modal dialog...
rubygem-pdfkit-0.8.7-1.fc35
FEDORA-2022-6da143f1a2 Packages in this update: rubygem-pdfkit-0.8.7-1.fc35 Update description: Update to 0.8.7. This new release fixes CVE-2022-25765.
rubygem-pdfkit-0.8.7-1.fc36
FEDORA-2022-3ec8272e72 Packages in this update: rubygem-pdfkit-0.8.7-1.fc36 Update description: Update to 0.8.7. This new release fixes CVE-2022-25765.