Search Results (363357 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1735 2 Apple, Vim 2 Macos, Vim 2024-11-21 7.8 High
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1734 3 Debian, Linux, Netapp 18 Debian Linux, Linux Kernel, H300e and 15 more 2024-11-21 7.0 High
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2022-1733 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-1732 1 Rename Wp-login Project 1 Rename Wp-login 2024-11-21 6.5 Medium
The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-1731 1 Allgeier 1 Metasonic Doc Webclient 2024-11-21 9.8 Critical
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.
CVE-2022-1730 1 Diagrams 1 Drawio 2024-11-21 4.6 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.
CVE-2022-1729 3 Linux, Netapp, Redhat 9 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 6 more 2024-11-21 7.0 High
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
CVE-2022-1728 1 Trudesk Project 1 Trudesk 2024-11-21 6.5 Medium
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
CVE-2022-1727 1 Diagrams 1 Drawio 2024-11-21 8.8 High
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1726 1 Bootstrap-table 1 Bootstrap Table 2024-11-21 5.4 Medium
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties.
CVE-2022-1725 2 Apple, Vim 2 Macos, Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-1724 1 Simple-membership-plugin 1 Simple Membership 2024-11-21 6.1 Medium
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting
CVE-2022-1723 1 Diagrams 1 Drawio 2024-11-21 7.5 High
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
CVE-2022-1722 1 Diagrams 1 Drawio 2024-11-21 3.3 Low
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
CVE-2022-1721 1 Diagrams 1 Drawio 2024-11-21 7.5 High
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
CVE-2022-1720 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2024-11-21 7.8 High
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
CVE-2022-1719 1 Trudesk Project 1 Trudesk 2024-11-21 5.4 Medium
Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page
CVE-2022-1718 1 Trudesk Project 1 Trudesk 2024-11-21 7.5 High
The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service.
CVE-2022-1717 1 Wp-experts 1 Custom Share Buttons With Floating Sidebar 2024-11-21 4.8 Medium
The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
CVE-2022-1716 1 Kitetech 1 Keep My Notes 2024-11-21 4.6 Medium
Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.