| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-4097 | All In One WP Security & Firewall < 5.0.8 - IP Spoofing | Unknown | All-In-One Security (AIOS) | 中危 | - | 2022-12-12 17:54:35 | Deep Dive |
| CVE-2022-41971 | Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation | nextcloud | security-advisories | Medium | 4.8 | 2022-12-01 20:55:46 | Deep Dive |
| CVE-2022-41970 | Nextcloud Server's disabled download shares still allow download through preview images | nextcloud | security-advisories | Low | 2.6 | 2022-12-01 20:54:37 | Deep Dive |
| CVE-2022-41969 | Nextcloud Server has no password length limit when creating a user as an administrator | nextcloud | security-advisories | Low | 2.4 | 2022-12-01 20:47:50 | Deep Dive |
| CVE-2022-41968 | Nextcloud Server's calendar name length not validated before writing to database | nextcloud | security-advisories | Low | 3.5 | 2022-12-01 20:38:47 | Deep Dive |
| CVE-2022-39346 | Missing length validation of user displayname in nextcloud server | nextcloud | security-advisories | Low | 3.5 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-41926 | Nextcloud Talk Android broadcast incorrect permission handling | nextcloud | security-advisories | Low | 3.3 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39339 | Cleartext Transmission of Sensitive Information in user_oidc | nextcloud | security-advisories | Medium | 4.3 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39338 | Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc | nextcloud | security-advisories | Low | 3.5 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39334 | nextcloudcmd incorrectly trusts bad TLS certificates | nextcloud | security-advisories | Low | 3.9 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39333 | Cross-site scripting (XSS) in Nextcloud Desktop Client | nextcloud | security-advisories | Medium | 4.6 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39332 | Cross-site scripting (XSS) in Nextcloud Desktop Client | nextcloud | security-advisories | Medium | 4.6 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-39331 | Cross-site Scripting (XSS) in Nexcloud Desktop Client | nextcloud | security-advisories | Medium | 4.6 | 2022-11-25 00:00:00 | Deep Dive |
| CVE-2022-41923 | Grails Spring Security Core plugin vulnerable to privilege escalation | grails | grails-spring-security-core | Critical | 9.1 | 2022-11-23 00:00:00 | Deep Dive |
| CVE-2022-44737 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | All In One WP Security & Firewall Team | All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) | Medium | 6.5 | 2022-11-22 16:00:11 | Deep Dive |
| CVE-2022-45379 | Jenkins Plugin Script Security 加密问题漏洞 | Jenkins project | Jenkins Script Security Plugin | 高危 | - | 2022-11-15 00:00:00 | Deep Dive |
| CVE-2022-41918 | Issue with fine-grained access control of indices backing data streams | opensearch-project | security | Medium | 6.3 | 2022-11-15 00:00:00 | Deep Dive |
| CVE-2022-36776 | IBM Cloud Pak for Security 跨站脚本漏洞 | IBM | Cloud Pak for Security | Medium | 5.4 | 2022-11-11 18:44:09 | Deep Dive |
| CVE-2022-38385 | IBM Cloud Pak for Security 输入验证错误漏洞 | IBM | Cloud Pak for Security | High | 7.1 | 2022-11-11 18:19:56 | Deep Dive |
| CVE-2022-38387 | IBM Cloud Pak for Security 操作系统命令注入漏洞 | IBM | Cloud Pak for Security | High | 7.1 | 2022-11-11 18:16:00 | Deep Dive |