Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0400 1 Linux 1 Linux Kernel 2024-11-21 7.5 High
An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.
CVE-2022-0399 1 Berocket 1 Advanced Product Labels For Woocommerce 2024-11-21 6.1 Medium
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting
CVE-2022-0398 1 Caseproof 1 Thirstyaffiliates Affiliate Link Manager 2024-11-21 5.4 Medium
The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website
CVE-2022-0397 1 Wpclever 1 Wpc Smart Wishlist For Woocommerce 2024-11-21 5.4 Medium
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting
CVE-2022-0396 5 Fedoraproject, Isc, Netapp and 2 more 20 Fedora, Bind, H300e and 17 more 2024-11-21 5.3 Medium
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
CVE-2022-0395 1 Livehelperchat 1 Live Helper Chat 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0393 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.1 High
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0390 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
CVE-2022-0389 1 Codepeople 1 Wp Time Slots Booking Form 2024-11-21 4.8 Medium
The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0388 1 Humananatomyillustrations 1 Interactive Medical Drawing Of Human Body 2024-11-21 4.8 Medium
The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0387 1 Livehelperchat 1 Livehelperchat 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0386 1 Sophos 1 Unified Threat Management 2024-11-21 8.8 High
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
CVE-2022-0385 1 Crazy Bone Project 1 Crazy Bone 2024-11-21 6.1 Medium
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting
CVE-2022-0384 1 Imdpen 1 Video Conferencing With Zoom 2024-11-21 4.3 Medium
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog
CVE-2022-0383 1 Ljapps 1 Wp Review Slider 2024-11-21 7.2 High
The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks
CVE-2022-0382 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.
CVE-2022-0379 1 Microweber 1 Microweber 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0378 1 Microweber 1 Microweber 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0377 1 Thimpress 1 Learnpress 2024-11-21 4.3 Medium
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site.
CVE-2022-0376 1 User-meta 1 User Meta User Profile Builder And User Management 2024-11-21 4.8 Medium
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed