Total: 286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20609 | 2 Google, Mediatek | 11 Android, Mt6833, Mt6853 and 8 more | 2025-03-26 | 4.4 Medium |
In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864. | ||||
CVE-2023-20608 | 2 Google, Mediatek | 23 Android, Mt6761, Mt6765 and 20 more | 2025-03-26 | 6.4 Medium |
In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363599; Issue ID: ALPS07363599. | ||||
CVE-2023-0282 | 1 Plugin | 1 Yourchannel | 2025-03-26 | 5.4 Medium |
The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | ||||
CVE-2023-0178 | 1 Twinpictures | 1 Annual Archive | 2025-03-26 | 5.4 Medium |
The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-0144 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2025-03-26 | 5.4 Medium |
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2022-4824 | 1 Essentialplugin | 1 Wp Blog And Widget | 2025-03-26 | 5.4 Medium |
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
CVE-2022-4674 | 1 Vowelweb | 1 Ibtana | 2025-03-26 | 5.4 Medium |
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2022-4577 | 1 Goldplugins | 1 Easy Testimonials | 2025-03-26 | 5.4 Medium |
The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
CVE-2022-4459 | 1 Wp Show Posts Project | 1 Wp Show Posts | 2025-03-26 | 5.4 Medium |
The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
CVE-2022-48311 | 1 Hp | 2 Deskjet 2540 A9u23b, Deskjet 2540 A9u23b Firmware | 2025-03-26 | 9 Critical |
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows an authenticated attacker to inject their own script into the page via the HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2022-47452 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In gnss driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services. | ||||
CVE-2022-47371 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In bt driver, there is a thread competition that leads to early release of resources to be accessed. This could lead to local denial of service in kernel. | ||||
CVE-2022-47370 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5 Medium |
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | ||||
CVE-2022-47361 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 7.8 High |
In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | ||||
CVE-2022-47360 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In log service, there is a missing permission check. This could lead to local denial of service in log service. | ||||
CVE-2022-47359 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In log service, there is a missing permission check. This could lead to local denial of service in log service. | ||||
CVE-2022-47358 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In log service, there is a missing permission check. This could lead to local denial of service in log service. | ||||
CVE-2022-47357 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In log service, there is a missing permission check. This could lead to local denial of service in log service. | ||||
CVE-2022-47345 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | ||||
CVE-2022-47344 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | ||||