Security Vulnerabilities - CVEs Published In February 2022
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
CVSS Score: 9.4 | EPSS Score: 0.003 | Published: 2022-02-20
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-02-20
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2022-02-20
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
CVSS Score: 8.4 | EPSS Score: 0.003 | Published: 2022-02-20
In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-02-19
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2022-02-19
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2022-02-19
WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-02-19
WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php.
CVSS Score: 8.8 | EPSS Score: 0.107 | Published: 2022-02-19
One-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2022-02-19

