Search Results (367003 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0274 1 Orchardcore 1 Orchardcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
CVE-2022-0273 1 Janeczku 1 Calibre-web 2024-11-21 6.5 Medium
Improper Access Control in Pypi calibreweb prior to 0.6.16.
CVE-2022-0272 1 Detekt 1 Detekt 2024-11-21 9.8 Critical
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.
CVE-2022-0271 1 Thimpress 1 Learnpress 2024-11-21 6.1 Medium
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
CVE-2022-0270 1 Mirantis 1 Bored-agent 2024-11-21 8.8 High
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups.
CVE-2022-0269 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 8.0 High
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVE-2022-0268 1 Getgrav 1 Grav 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
CVE-2022-0267 1 Adrotate Project 1 Adrotate 2024-11-21 7.2 High
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection
CVE-2022-0266 1 Livehelperchat 1 Live Helper Chat 2024-11-21 6.6 Medium
Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v.
CVE-2022-0265 1 Hazelcast 1 Hazelcast 2024-11-21 9.8 Critical
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.
CVE-2022-0264 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6
CVE-2022-0263 1 Pimcore 1 Pimcore 2024-11-21 7.8 High
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.
CVE-2022-0262 1 Pimcore 1 Pimcore 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.
CVE-2022-0260 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.
CVE-2022-0258 1 Pimcore 1 Pimcore 2024-11-21 8.8 High
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVE-2022-0257 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0256 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0255 1 Deliciousbrains 1 Database Backup 2024-11-21 7.2 High
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue
CVE-2022-0254 1 Highfivery 1 Zero-spam 2024-11-21 9.8 Critical
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection
CVE-2022-0253 1 Livehelperchat 1 Livehelperchat 2024-11-21 5.4 Medium
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')