Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2022-21661 vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv3
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been...
Wordpress WordpressFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0
4.3
CVSSv3
CVE-2021-21661
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins....
Jenkins Kubernetes
5.4
CVSSv3
CVE-2022-21662
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users....
Wordpress WordpressDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0
7.2
CVSSv3
CVE-2022-21663
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in...
Wordpress WordpressDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 34Fedoraproject Fedora 35
8.8
CVSSv3
CVE-2022-21664
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version...
Wordpress WordpressDebian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 34Fedoraproject Fedora 35
8.6
CVSSv3
CVE-2022-21668
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file,...
Pypa PipenvFedoraproject Fedora 34Fedoraproject Fedora 35Fedoraproject Fedora 36
8.1
CVSSv3
CVE-2022-21660
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no...
Gin-vue-admin Project Gin-vue-admin
9.8
CVSSv3
CVE-2021-42392
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited...
H2database H2Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Oracle Communications Cloud Native Core Policy 1.15.0
9.8
CVE-2022-2166
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0....
Joinmastodon Mastodon 4.0.0Joinmastodon Mastodon
9.8
CVSSv3
CVE-2021-42342
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts....
Embedthis Goahead
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-25675CVE-2023-21072physicalCVE-2023-28446encryptionCVE-2023-21076server-side request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook