Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-06 | CVE-2021-27751 | Insufficient Session Expiration vulnerability in Hcltechsw HCL Commerce HCL Commerce is affected by an Insufficient Session Expiration vulnerability. | 3.3 |
| 2022-05-03 | CVE-2022-28784 | Path Traversal vulnerability in Google Android 10.0/11.0/12.0 Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. | 3.3 |
| 2022-05-03 | CVE-2022-28790 | Improper Authentication vulnerability in Samsung Link to Windows Service Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. | 3.3 |
| 2022-05-01 | CVE-2022-21149 | Cross-site Scripting vulnerability in S-Cart The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie. | 3.5 |
| 2022-04-29 | CVE-2022-1249 | NULL Pointer Dereference vulnerability in Pesign Project Pesign A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. | 3.3 |
| 2022-04-28 | CVE-2022-29812 | Unspecified vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient | 2.3 |
| 2022-04-28 | CVE-2022-29816 | Cross-site Scripting vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | 3.2 |
| 2022-04-28 | CVE-2022-29820 | Exposure of Resource to Wrong Sphere vulnerability in Jetbrains Pycharm In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | 3.5 |
| 2022-04-27 | CVE-2021-25266 | Insecure Storage of Sensitive Information vulnerability in Sophos Authenticator and Intercept X An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | 3.9 |
| 2022-04-27 | CVE-2022-24885 | Improper Authentication vulnerability in Nextcloud Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. | 2.4 |