The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-37901 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Dec 15, 2022 | n/a |
| CVE-2022-37900 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Dec 15, 2022 | n/a |
| CVE-2022-37899 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Dec 15, 2022 | n/a |
| CVE-2022-37898 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Dec 15, 2022 | n/a |
| CVE-2024-25613 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 5, 2024 | n/a |
| CVE-2024-25612 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 5, 2024 | n/a |
| CVE-2024-25611 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 5, 2024 | n/a |
| CVE-2024-1356 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 5, 2024 | n/a |
| CVE-2023-22770 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22769 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22768 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22767 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22766 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22765 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22764 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22763 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2023-22762 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | -- | Mar 4, 2023 | n/a |
| CVE-2022-23683 | Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX in ArubaOS-CX Switches version(s): AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1030 and below, AOS-CX 10.08.xxxx: 10.08.1070 and below, AOS-CX 10.06.xxxx: 10.06.0210 and below. Aruba has released upgrades for ArubaOS-CX Switch Devices that address these security vulnerabilities. | -- | Sep 12, 2022 | n/a |
| CVE-2017-11347 | Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | MEDIUM | Jul 17, 2017 | n/a |
| CVE-2021-40578 | Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter. | MEDIUM | Dec 9, 2021 | n/a |
| CVE-2022-34868 | Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | -- | Aug 26, 2022 | n/a |
| CVE-2022-36285 | Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | -- | Aug 26, 2022 | n/a |
| CVE-2022-28700 | Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP\'s GiveWP plugin <= 2.20.2 at WordPress. | -- | Jul 21, 2022 | n/a |
| CVE-2022-36386 | Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2020-3681 | Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code. | HIGH | Jul 31, 2020 | n/a |
| CVE-2021-23261 | Authenticated administrators may override the system configuration file and cause a denial of service. | MEDIUM | Dec 3, 2021 | n/a |
| CVE-2021-23262 | Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. | MEDIUM | Dec 3, 2021 | n/a |
| CVE-2022-40191 | Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad\'s Contact Form By Mega Forms plugin <= 1.2.4 at WordPress. | -- | Sep 10, 2022 | n/a |
| CVE-2022-36390 | Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-40310 | Authenticated (subscriber+) Race Condition vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. | -- | Sep 23, 2022 | n/a |
| CVE-2022-36341 | Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni\'s AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. | -- | Aug 25, 2022 | n/a |
| CVE-2022-38058 | Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | -- | Sep 10, 2022 | n/a |
| CVE-2022-33142 | Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | -- | Aug 25, 2022 | n/a |
| CVE-2022-38134 | Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-29442 | Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | LOW | Jun 15, 2022 | n/a |
| CVE-2021-36826 | Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. | LOW | Apr 5, 2022 | n/a |
| CVE-2022-35275 | Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. | -- | Sep 10, 2022 | n/a |
| CVE-2022-36375 | Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari\'s Tabs plugin <= 3.6.0 at WordPress. | -- | Jul 26, 2022 | n/a |
| CVE-2021-36857 | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | -- | Aug 23, 2022 | n/a |
| CVE-2022-36282 | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy\'s Search Exclude plugin <= 1.2.6 at WordPress. | -- | Aug 26, 2022 | n/a |
| CVE-2022-29452 | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | LOW | Jun 16, 2022 | n/a |
| CVE-2021-36851 | Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | LOW | Apr 5, 2022 | n/a |
| CVE-2022-31475 | Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP\'s GiveWP plugin <= 2.20.2 at WordPress. | -- | Jul 21, 2022 | n/a |
| CVE-2022-37330 | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-36355 | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. | -- | Sep 2, 2022 | n/a |
| CVE-2022-38460 | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-37339 | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-36791 | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress. | -- | Sep 23, 2022 | n/a |
| CVE-2022-36405 | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. | -- | Aug 26, 2022 | n/a |
| CVE-2022-32280 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro\'s XO Slider plugin <= 3.3.2 at WordPress. | LOW | Jun 16, 2022 | n/a |
