Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2756 1 Kavitareader 1 Kavita 2024-11-21 6.5 Medium
Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.
CVE-2022-2754 1 Ketchup Restaurant Reservations Project 1 Ketchup Restaurant Reservations 2024-11-21 9.8 Critical
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks
CVE-2022-2753 1 Ketchup Restaurant Reservations Project 1 Ketchup Restaurant Reservations 2024-11-21 6.1 Medium
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made
CVE-2022-2743 1 Google 3 Chrome, Chrome Os, Linux And Chrome Os 2024-11-21 8.8 High
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
CVE-2022-2742 1 Google 3 Chrome, Chrome Os, Linux And Chrome Os 2024-11-21 8.8 High
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
CVE-2022-2739 2 Podman Project, Redhat 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2024-11-21 5.3 Medium
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.
CVE-2022-2738 2 Podman Project, Redhat 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2024-11-21 7.5 High
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
CVE-2022-2737 1 Wp-staging 1 Wp Staging 2024-11-21 4.8 Medium
The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2735 3 Clusterlabs, Debian, Redhat 4 Pcs, Debian Linux, Enterprise Linux and 1 more 2024-11-21 7.8 High
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
CVE-2022-2734 1 Open-emr 1 Openemr 2024-11-21 5.4 Medium
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2733 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2731 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2730 1 Open-emr 1 Openemr 2024-11-21 6.5 Medium
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2729 1 Open-emr 1 Openemr 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2714 1 Rosariosis 1 Rosariosis 2024-11-21 9.8 Critical
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVE-2022-2710 1 Scroll To Top Project 1 Scroll To Top 2024-11-21 4.8 Medium
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2675 1 Unitree 2 Go 1, Go 1 Firmware 2024-11-21 6.5 Medium
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
CVE-2022-2668 1 Redhat 3 Keycloak, Red Hat Single Sign On, Single Sign-on 2024-11-21 7.2 High
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
CVE-2022-2663 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2024-11-21 5.3 Medium
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2022-2657 1 Wc-marketplace 1 Multivendor Marketplace Solution For Woocommerce - Wc Marketplace 2024-11-21 4.3 Medium
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF