Search Results (363527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2264 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2261 1 Xplodedthemes 1 Wpide 2024-11-21 7.2 High
The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.
CVE-2022-2260 1 Givewp 1 Givewp 2024-11-21 6.5 Medium
The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the database many times which leads to overwhelm the target's CPU.
CVE-2022-2257 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2256 1 Redhat 2 Red Hat Single Sign On, Single Sign-on 2024-11-21 3.8 Low
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
CVE-2022-2255 3 Debian, Modwsgi, Redhat 3 Debian Linux, Mod Wsgi, Enterprise Linux 2024-11-21 7.5 High
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
CVE-2022-2252 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-2250 1 Gitlab 1 Gitlab 2024-11-21 4.7 Medium
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
CVE-2022-2245 1 Wow-company 1 Counter Box 2024-11-21 8.8 High
The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
CVE-2022-2244 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.
CVE-2022-2243 1 Gitlab 1 Gitlab 2024-11-21 5 Medium
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.
CVE-2022-2242 1 Kuka 1 Systemsoftware V\/kss 2024-11-21 9.8 Critical
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).
CVE-2022-2241 1 Fifu 1 Featured Image From Url 2024-11-21 6.1 Medium
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues
CVE-2022-2240 1 Emarketdesign 1 Request A Quote 2024-11-21 8.8 High
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
CVE-2022-2239 1 Emarketdesign 1 Request A Quote 2024-11-21 4.8 Medium
The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2238 1 Redhat 2 Acm, Advanced Cluster Management For Kubernetes 2024-11-21 6.5 Medium
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.
CVE-2022-2235 1 Gitlab 1 Gitlab 2024-11-21 8.7 High
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link
CVE-2022-2231 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVE-2022-2230 1 Gitlab 1 Gitlab 2024-11-21 8.1 High
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.
CVE-2022-2229 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.