Security Vulnerabilities - CVEs Published In July 2022
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.
CVSS Score
6.1
EPSS Score
0.051
Published
2022-07-14
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.
CVSS Score
6.1
EPSS Score
0.113
Published
2022-07-14
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
CVSS Score
9.8
EPSS Score
0.665
Published
2022-07-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-07-14
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-07-14
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
CVSS Score
9.8
EPSS Score
0.427
Published
2022-07-14
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-07-14
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-07-14
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-07-14
Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-14