Search Results (363801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2255 3 Debian, Modwsgi, Redhat 3 Debian Linux, Mod Wsgi, Enterprise Linux 2024-11-21 7.5 High
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
CVE-2022-2252 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-2250 1 Gitlab 1 Gitlab 2024-11-21 4.7 Medium
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
CVE-2022-2245 1 Wow-company 1 Counter Box 2024-11-21 8.8 High
The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks
CVE-2022-2244 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.
CVE-2022-2243 1 Gitlab 1 Gitlab 2024-11-21 5 Medium
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.
CVE-2022-2242 1 Kuka 1 Systemsoftware V\/kss 2024-11-21 9.8 Critical
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).
CVE-2022-2241 1 Fifu 1 Featured Image From Url 2024-11-21 6.1 Medium
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues
CVE-2022-2240 1 Emarketdesign 1 Request A Quote 2024-11-21 8.8 High
The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it
CVE-2022-2239 1 Emarketdesign 1 Request A Quote 2024-11-21 4.8 Medium
The Request a Quote WordPress plugin before 2.3.9 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2238 1 Redhat 2 Acm, Advanced Cluster Management For Kubernetes 2024-11-21 6.5 Medium
A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting.
CVE-2022-2235 1 Gitlab 1 Gitlab 2024-11-21 8.7 High
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link
CVE-2022-2231 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
CVE-2022-2230 1 Gitlab 1 Gitlab 2024-11-21 8.1 High
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.
CVE-2022-2229 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
CVE-2022-2228 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range
CVE-2022-2227 1 Gitlab 1 Gitlab 2024-11-21 3.1 Low
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions
CVE-2022-2225 1 Cloudflare 1 Warp 2024-11-21 8.1 High
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
CVE-2022-2222 1 Wpchill 1 Download Monitor 2024-11-21 4.9 Medium
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
CVE-2022-2221 1 Devolutions 1 Remote Desktop Manager 2024-11-21 6.5 Medium
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.