Search Results (363434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1224 1 Phpipam 1 Phpipam 2024-11-21 6.5 Medium
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-1222 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-1221 1 Gwyn\'s Imagemap Selector Project 1 Gwyn\'s Imagemap Selector 2024-11-21 6.1 Medium
The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.
CVE-2022-1220 1 Foxy-shop 1 Foxyshop 2024-11-21 6.1 Medium
The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-1219 1 Pimcore 1 Pimcore 2024-11-21 7.5 High
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
CVE-2022-1218 1 Duogeek 1 Domain Replace 2024-11-21 6.1 Medium
The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-1217 1 Custom Tinymce Shortcode Button Project 1 Custom Tinymce Shortcode Button 2024-11-21 6.1 Medium
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
CVE-2022-1216 1 Advanced Image Sitemap Project 1 Advanced Image Sitemap 2024-11-21 6.1 Medium
The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
CVE-2022-1215 2 Freedesktop, Redhat 2 Libinput, Enterprise Linux 2024-11-21 7.8 High
A format string vulnerability was found in libinput
CVE-2022-1213 1 Livehelperchat 1 Live Helper Chat 2024-11-21 8.1 High
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191
CVE-2022-1212 1 Mruby 1 Mruby 2024-11-21 9.8 Critical
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
CVE-2022-1207 1 Radare 1 Radare2 2024-11-21 6.6 Medium
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
CVE-2022-1205 1 Linux 1 Linux Kernel 2024-11-21 4.7 Medium
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
CVE-2022-1204 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 5.5 Medium
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
CVE-2022-1203 1 Content Mask Project 1 Content Mask 2024-11-21 4.3 Medium
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
CVE-2022-1202 1 Usabilitydynamics 1 Wp-crm 2024-11-21 7.8 High
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
CVE-2022-1201 1 Mruby 1 Mruby 2024-11-21 6.5 Medium
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.
CVE-2022-1198 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
CVE-2022-1195 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.
CVE-2022-1194 1 Mobileeventsmanager 1 Mobile Events Manager 2024-11-21 8.8 High
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.