Search Results (363878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2350 1 Brainvire 1 Disable User Login 2024-11-21 5.3 Medium
The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.
CVE-2022-2346 1 Octopus 1 Octopus Server 2024-11-21 5.5 Medium
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
CVE-2022-2345 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVE-2022-2344 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2343 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVE-2022-2342 1 Getoutline 1 Outline 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.
CVE-2022-2341 1 Simple Page Transition Project 1 Simple Page Transition 2024-11-21 4.8 Medium
The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2340 1 W-dalil Project 1 W-dalil 2024-11-21 4.8 Medium
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2330 2 Mcafee, Microsoft 2 Data Loss Prevention Endpoint, Windows 2024-11-21 6.5 Medium
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.
CVE-2022-2328 1 Flexi Quote Rotator Project 1 Flexi Quote Rotator 2024-11-21 4.8 Medium
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2326 1 Gitlab 1 Gitlab 2024-11-21 6.4 Medium
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using other user's email address as an unverified secondary email.
CVE-2022-2325 1 Securebit 1 Invitation Based Registrations 2024-11-21 4.8 Medium
The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2323 1 Sonicwall 14 Sws12-10fpoe, Sws12-10fpoe Firmware, Sws12-8 and 11 more 2024-11-21 8.8 High
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions
CVE-2022-2321 1 Heroiclabs 1 Nakama 2024-11-21 9.8 Critical
Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks.
CVE-2022-2318 3 Debian, Linux, Netapp 12 Debian Linux, Linux Kernel, H300s and 9 more 2024-11-21 5.5 Medium
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
CVE-2022-2317 1 Simple-membership-plugin 1 Simple Membership 2024-11-21 9.8 Critical
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.
CVE-2022-2316 1 Devolutions 1 Devolutions Server 2024-11-21 5.4 Medium
HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.
CVE-2022-2314 1 Vr Calendar Project 1 Vr Calendar 2024-11-21 9.8 Critical
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.
CVE-2022-2313 1 Mcafee 1 Agent 2024-11-21 8.2 High
A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed.
CVE-2022-2312 1 Student Result Or Employee Database Project 1 Student Result Or Employee Database 2024-11-21 5.4 Medium
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting