Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2146 1 Import Csv Files Project 1 Import Csv Files 2024-11-21 6.1 Medium
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting
CVE-2022-2145 1 Cloudflare 1 Warp 2024-11-21 5.8 Medium
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
CVE-2022-2144 1 Jquery Validation For Contact Form 7 Project 1 Jquery Validation For Contact Form 7 2024-11-21 4.3 Medium
The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack
CVE-2022-2134 1 Inventree Project 1 Inventree 2024-11-21 6.5 Medium
Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0.
CVE-2022-2133 1 Miniorange 1 Oauth Single Sign On 2024-11-21 5.3 Medium
The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.
CVE-2022-2132 4 Debian, Dpdk, Fedoraproject and 1 more 15 Debian Linux, Data Plane Development Kit, Fedora and 12 more 2024-11-21 8.6 High
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVE-2022-2131 1 Openkm 1 Openkm 2024-11-21 8.5 High
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack.
CVE-2022-2130 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.
CVE-2022-2128 1 Trudesk Project 1 Trudesk 2024-11-21 9.8 Critical
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2022-2126 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2024-11-21 7.8 High
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2125 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2124 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2024-11-21 7.8 High
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2123 1 Wp Opt-in Project 1 Wp Opt-in 2024-11-21 4.3 Medium
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.
CVE-2022-2118 1 Tooltulips 1 404s 2024-11-21 4.8 Medium
The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2116 1 Webacetechs 1 Contact Form Db - Elementor 2024-11-21 6.1 Medium
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
CVE-2022-2115 1 Essentialplugin 1 Popup Anything 2024-11-21 6.1 Medium
The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting
CVE-2022-2114 1 Supsystic 1 Data Tables Generator 2024-11-21 4.8 Medium
The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2113 1 Inventree Project 1 Inventree 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.
CVE-2022-2112 1 Inventree Project 1 Inventree 2024-11-21 8.8 High
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
CVE-2022-2111 1 Inventree Project 1 Inventree 2024-11-21 8.8 High
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.