Search Results (364122 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0166 1 Mcafee 1 Agent 2024-11-21 7.8 High
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
CVE-2022-0165 1 King-theme 1 Kingcomposer 2024-11-21 6.1 Medium
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users
CVE-2022-0164 1 Wpdevart 1 Coming Soon And Maintenance Mode 2024-11-21 4.3 Medium
The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users
CVE-2022-0163 1 Rednao 1 Smart Forms 2024-11-21 6.5 Medium
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
CVE-2022-0162 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-11-21 8.4 High
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
CVE-2022-0161 1 Ari-soft 1 Ari Fancy Lightbox 2024-11-21 6.1 Medium
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-0159 1 Orchardcore 1 Orchardcore 2024-11-21 5.4 Medium
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0158 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2024-11-21 3.3 Low
vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0157 2 Fedoraproject, Phoronix-media 2 Fedora, Phoronix Test Suite 2024-11-21 5.4 Medium
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0156 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2024-11-21 5.5 Medium
vim is vulnerable to Use After Free
CVE-2022-0155 3 Follow-redirects Project, Redhat, Siemens 4 Follow-redirects, Acm, Rhev Manager and 1 more 2024-11-21 6.5 Medium
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2022-0154 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.
CVE-2022-0153 1 Fork-cms 1 Fork Cms 2024-11-21 7.5 High
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
CVE-2022-0152 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API.
CVE-2022-0151 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions.
CVE-2022-0150 1 Wp Accessibility Helper Project 1 Wp Accessibility Helper 2024-11-21 6.1 Medium
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue
CVE-2022-0149 1 Visser 1 Store Exporter For Woocommerce 2024-11-21 6.1 Medium
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.
CVE-2022-0148 1 Premio 1 Mystickyelements 2024-11-21 5.4 Medium
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
CVE-2022-0147 1 Cookieinformation 1 Wp-gdpr-compliance 2024-11-21 6.1 Medium
The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
CVE-2022-0145 1 Fork-cms 1 Fork Cms 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.