Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0375 1 Livehelperchat 1 Live Helper Chat 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0374 1 Livehelperchat 1 Live Helper Chat 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0373 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
CVE-2022-0372 1 Craterapp 1 Crater 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
CVE-2022-0371 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private.
CVE-2022-0370 1 Livehelperchat 1 Livehelperchat 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0368 3 Apple, Debian, Vim 3 Macos, Debian Linux, Vim 2024-11-21 7.8 High
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0366 1 Capsule8 1 Capsule8 2024-11-21 8.8 High
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
CVE-2022-0364 1 Webnus 1 Modern Events Calendar Lite 2024-11-21 5.4 Medium
The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
CVE-2022-0362 1 Showdoc 1 Showdoc 2024-11-21 9.8 Critical
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
CVE-2022-0360 1 Smackcoders 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv 2024-11-21 4.8 Medium
The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which could allow high privilege users to import malicious ones (either intentionnaly or not) and lead to Stored Cross-Site Scripting issues
CVE-2022-0358 2 Qemu, Redhat 4 Qemu, Advanced Virtualization, Enterprise Linux and 1 more 2024-11-21 7.8 High
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
CVE-2022-0353 1 Lenovo 3 Diagnostics, Hardwarescan Addin, Hardwarescan Plugin 2024-11-21 4.4 Medium
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
CVE-2022-0352 1 Janeczku 1 Calibre-web 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16.
CVE-2022-0350 1 B3log 1 Vditor 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVE-2022-0349 1 Wpdeveloper 1 Notificationx 2024-11-21 9.8 Critical
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
CVE-2022-0348 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
CVE-2022-0347 1 Wpbrigade 1 Loginpress 2024-11-21 6.1 Medium
The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
CVE-2022-0346 1 Xmlsitemapgenerator 1 Xml Sitemap Generator 2024-11-21 6.1 Medium
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
CVE-2022-0345 1 Madewithfuel 1 Customize Wordpress Emails And Alerts 2024-11-21 4.3 Medium
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).