Search Results (36936 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1472 1 Codesolz 1 Better Find And Replace 2024-11-21 7.2 High
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection
CVE-2022-1466 1 Redhat 3 Keycloak, Red Hat Single Sign On, Single Sign-on 2024-11-21 6.5 Medium
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
CVE-2022-1460 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.
CVE-2022-1429 1 Pimcore 1 Pimcore 2024-11-21 7.5 High
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data
CVE-2022-1423 1 Gitlab 1 Gitlab 2024-11-21 7.1 High
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches
CVE-2022-1420 4 Apple, Fedoraproject, Redhat and 1 more 4 Macos, Fedora, Enterprise Linux and 1 more 2024-11-21 5.5 Medium
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
CVE-2022-1417 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs
CVE-2022-1401 1 Device42 1 Cmdb 2024-11-21 6.9 Medium
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00.
CVE-2022-1399 1 Device42 1 Cmdb 2024-11-21 9.1 Critical
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions.
CVE-2022-1365 2 Cross-fetch Project, Redhat 4 Cross-fetch, Acm, Jboss Enterprise Bpms Platform and 1 more 2024-11-21 6.5 Medium
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
CVE-2022-1339 1 Pimcore 1 Pimcore 2024-11-21 7.5 High
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
CVE-2022-1323 1 2code 1 Discy 2024-11-21 6.5 Medium
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.
CVE-2022-1314 1 Google 1 Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1309 1 Google 1 Chrome 2024-11-21 9.6 Critical
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-1293 1 Thalesgroup 1 Citadel 2024-11-21 5.7 Medium
The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.
CVE-2022-1281 1 10web 1 Photo Gallery 2024-11-21 9.8 Critical
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
CVE-2022-1274 1 Redhat 10 Enterprise Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Ibm Z Systems Eus and 7 more 2024-11-21 5.4 Medium
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
CVE-2022-1258 1 Mcafee 1 Agent 2024-11-21 8.4 High
A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.
CVE-2022-1245 1 Redhat 3 Keycloak, Red Hat Single Sign On, Rhosemc 2024-11-21 9.8 Critical
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.
CVE-2022-1232 1 Google 1 Chrome 2024-11-21 8.8 High
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.