Search Results (366787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0386 1 Sophos 1 Unified Threat Management 2024-11-21 8.8 High
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2022-0385 1 Crazy Bone Project 1 Crazy Bone 2024-11-21 6.1 Medium
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting
CVE-2022-0384 1 Imdpen 1 Video Conferencing With Zoom 2024-11-21 4.3 Medium
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog
CVE-2022-0383 1 Ljapps 1 Wp Review Slider 2024-11-21 7.2 High
The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks
CVE-2022-0382 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.
CVE-2022-0379 1 Microweber 1 Microweber 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0378 1 Microweber 1 Microweber 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0377 1 Thimpress 1 Learnpress 2024-11-21 4.3 Medium
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.
CVE-2022-0376 1 User-meta 1 User Meta User Profile Builder And User Management 2024-11-21 4.8 Medium
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-0375 1 Livehelperchat 1 Live Helper Chat 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0374 1 Livehelperchat 1 Live Helper Chat 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0373 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
CVE-2022-0372 1 Craterapp 1 Crater 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
CVE-2022-0371 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private.
CVE-2022-0370 1 Livehelperchat 1 Livehelperchat 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0368 3 Apple, Debian, Vim 3 Macos, Debian Linux, Vim 2024-11-21 7.8 High
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0366 1 Capsule8 1 Capsule8 2024-11-21 8.8 High
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
CVE-2022-0364 1 Webnus 1 Modern Events Calendar Lite 2024-11-21 5.4 Medium
The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
CVE-2022-0362 1 Showdoc 1 Showdoc 2024-11-21 9.8 Critical
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
CVE-2022-0360 1 Smackcoders 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv 2024-11-21 4.8 Medium
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues