Security Vulnerabilities - CVEs Published In August 2022
Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.001
Published
2022-08-19
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-08-19
XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.002
Published
2022-08-19
EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-08-19
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-08-19
StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-08-19
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-08-19
Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-08-19
Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-08-19
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-08-19