Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0429 1 Cerber 1 Wp Cerber Security\, Anti-spam \& Malware Scan 2024-11-21 6.1 Medium
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.
CVE-2022-0428 1 Keywordrush 1 Content Egg 2024-11-21 6.1 Medium
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2022-0427 1 Gitlab 1 Gitlab 2024-11-21 7.7 High
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover
CVE-2022-0426 1 Adtribes 1 Product Feed Pro For Woocommerce 2024-11-21 5.4 Medium
The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scripting
CVE-2022-0425 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.
CVE-2022-0424 1 Supsystic 1 Popup 2024-11-21 5.3 Medium
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
CVE-2022-0423 1 3dflipbook 1 3d Flipbook 2024-11-21 5.4 Medium
The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
CVE-2022-0422 1 Videousermanuals 1 White Label Cms 2024-11-21 6.1 Medium
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue
CVE-2022-0420 1 Metagauss 1 Registrationmagic 2024-11-21 7.2 High
The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
CVE-2022-0419 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
CVE-2022-0418 1 Event List Project 1 Event List 2024-11-21 4.8 Medium
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed
CVE-2022-0415 1 Gogs 1 Gogs 2024-11-21 8.8 High
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
CVE-2022-0414 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 4.3 Medium
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
CVE-2022-0413 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0412 1 Templateinvaders 1 Ti Woocommerce Wishlist 2024-11-21 9.8 Critical
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks
CVE-2022-0411 1 Asgaros 1 Asgaros Forum 2024-11-21 8.8 High
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection
CVE-2022-0409 1 Showdoc 1 Showdoc 2024-11-21 7.8 High
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
CVE-2022-0408 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0407 1 Vim 1 Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0406 1 Janeczku 1 Calibre-web 2024-11-21 4.3 Medium
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.