Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0293 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0292 1 Google 1 Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
CVE-2022-0291 1 Google 1 Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2022-0290 1 Google 1 Chrome 2024-11-21 9.6 Critical
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-0289 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0288 2 Ad Inserter Pro Project, Ad Inserter Project 2 Ad Inserter Pro, Ad Inserter 2024-11-21 6.1 Medium
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVE-2022-0286 3 Linux, Oracle, Redhat 5 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 2 more 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2022-0285 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.
CVE-2022-0284 1 Imagemagick 1 Imagemagick 2024-11-21 7.1 High
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
CVE-2022-0283 1 Gitlab 1 Gitlab 2024-11-21 4.7 Medium
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL.
CVE-2022-0281 1 Microweber 1 Microweber 2024-11-21 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0280 2 Mcafee, Microsoft 2 Total Protection, Windows 2024-11-21 7.5 High
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
CVE-2022-0279 1 Bologer 1 Anycomment 2024-11-21 3.1 Low
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users
CVE-2022-0278 1 Microweber 1 Microweber 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0277 1 Microweber 1 Microweber 2024-11-21 6.5 Medium
Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0274 1 Orchardcore 1 Orchardcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
CVE-2022-0273 1 Janeczku 1 Calibre-web 2024-11-21 6.5 Medium
Improper Access Control in Pypi calibreweb prior to 0.6.16.
CVE-2022-0272 1 Detekt 1 Detekt 2024-11-21 9.8 Critical
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.
CVE-2022-0271 1 Thimpress 1 Learnpress 2024-11-21 6.1 Medium
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
CVE-2022-0270 1 Mirantis 1 Bored-agent 2024-11-21 8.8 High
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups.