Search Results (363527 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2228 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range
CVE-2022-2227 1 Gitlab 1 Gitlab 2024-11-21 3.1 Low
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions
CVE-2022-2225 1 Cloudflare 1 Warp 2024-11-21 8.1 High
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
CVE-2022-2222 1 Wpchill 1 Download Monitor 2024-11-21 4.9 Medium
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.
CVE-2022-2221 1 Devolutions 1 Remote Desktop Manager 2024-11-21 6.5 Medium
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
CVE-2022-2219 1 Brizy 1 Unyson 2024-11-21 7.2 High
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVE-2022-2218 1 Parse-url Project 1 Parse-url 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-2217 1 Parse-url Project 1 Parse-url 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-2216 1 Parse-url Project 1 Parse-url 2024-11-21 9.8 Critical
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
CVE-2022-2215 1 Givewp 1 Givewp 2024-11-21 4.8 Medium
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2211 2 Libguestfs, Redhat 2 Libguestfs, Enterprise Linux 2024-11-21 6.5 Medium
A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.
CVE-2022-2210 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2208 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVE-2022-2207 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2206 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2198 1 2code 1 Wpqa Builder 2024-11-21 4.3 Medium
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.
CVE-2022-2194 1 Tipsandtricks-hq 1 Accept Stripe 2024-11-21 4.8 Medium
The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2193 1 Hypr 1 Hypr Server 2024-11-21 7.5 High
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.
CVE-2022-2192 1 Hypr 1 Hypr Server 2024-11-21 7.5 High
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.
CVE-2022-2191 2 Eclipse, Redhat 2 Jetty, Amq Streams 2024-11-21 7.5 High
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.