Total
3285 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0588 | 1 Librenms | 1 Librenms | 2024-08-02 | 7.1 High |
| Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2024-08-02 | 6.5 Medium |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | ||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2024-08-02 | 7.8 High |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | ||||
| CVE-2022-0404 | 1 Material Design For Contact Form 7 Project | 1 Material Design For Contact Form 7 | 2024-08-02 | 6.5 Medium |
| The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site. | ||||
| CVE-2022-0345 | 1 Madewithfuel | 1 Customize Wordpress Emails And Alerts | 2024-08-02 | 4.3 Medium |
| The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). | ||||
| CVE-2022-0444 | 1 Watchful | 1 Xcloner | 2024-08-02 | 4.3 Medium |
| The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. | ||||
| CVE-2022-0398 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-08-02 | 5.4 Medium |
| The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website | ||||
| CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.3 Medium |
| Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | ||||
| CVE-2022-0363 | 1 Mycred | 1 Mycred | 2024-08-02 | 4.3 Medium |
| The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | ||||
| CVE-2022-0287 | 1 Mycred | 1 Mycred | 2024-08-02 | 4.3 Medium |
| The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog | ||||
| CVE-2022-0236 | 1 Vjinfotech | 2 Wp Import Export, Wp Import Export Lite | 2024-08-02 | 7.5 High |
| The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15. | ||||
| CVE-2022-0229 | 1 Miniorange | 1 Google Authenticator | 2024-08-02 | 8.1 High |
| The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. | ||||
| CVE-2022-0218 | 1 Codemiq | 1 Wordpress Email Template Designer | 2024-08-02 | 8.3 High |
| The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. | ||||
| CVE-2022-0203 | 1 Craterapp | 1 Crater | 2024-08-02 | 5.3 Medium |
| Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | ||||
| CVE-2022-0164 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-08-02 | 4.3 Medium |
| The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users | ||||
| CVE-2022-0152 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API. | ||||
| CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2024-08-02 | 6.3 Medium |
| Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8. | ||||
| CVE-2022-0179 | 1 Snipeitapp | 1 Snipe-it | 2024-08-02 | 5.4 Medium |
| snipe-it is vulnerable to Missing Authorization | ||||
| CVE-2022-0125 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project. | ||||
| CVE-2022-0163 | 1 Rednao | 1 Smart Forms | 2024-08-02 | 6.5 Medium |
| The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form. | ||||