Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0425 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.
CVE-2022-0424 1 Supsystic 1 Popup 2024-11-21 5.3 Medium
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
CVE-2022-0423 1 3dflipbook 1 3d Flipbook 2024-11-21 5.4 Medium
The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
CVE-2022-0422 1 Videousermanuals 1 White Label Cms 2024-11-21 6.1 Medium
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue
CVE-2022-0420 1 Metagauss 1 Registrationmagic 2024-11-21 7.2 High
The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
CVE-2022-0419 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
CVE-2022-0418 1 Event List Project 1 Event List 2024-11-21 4.8 Medium
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed
CVE-2022-0415 1 Gogs 1 Gogs 2024-11-21 8.8 High
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
CVE-2022-0414 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 4.3 Medium
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
CVE-2022-0413 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0412 1 Templateinvaders 1 Ti Woocommerce Wishlist 2024-11-21 9.8 Critical
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allowing unauthenticated attackers to perform SQL injection attacks
CVE-2022-0411 1 Asgaros 1 Asgaros Forum 2024-11-21 8.8 High
The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection
CVE-2022-0409 1 Showdoc 1 Showdoc 2024-11-21 7.8 High
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
CVE-2022-0408 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0407 1 Vim 1 Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0406 1 Janeczku 1 Calibre-web 2024-11-21 4.3 Medium
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0405 1 Janeczku 1 Calibre-web 2024-11-21 4.3 Medium
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0404 1 Material Design For Contact Form 7 Project 1 Material Design For Contact Form 7 2024-11-21 6.5 Medium
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.
CVE-2022-0403 1 Wpjos 1 Library File Manager 2024-11-21 8.1 High
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, as the options passed to the elFinder library does not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete Arbitrary files and folders.
CVE-2022-0401 1 W-zip Project 1 W-zip 2024-11-21 9.8 Critical
Path Traversal in NPM w-zip prior to 1.0.12.