Search Results (36911 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0757 1 Rapid7 1 Nexpose 2024-11-21 5.5 Medium
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.
CVE-2022-0756 1 Salesagility 1 Suitecrm 2024-11-21 6.5 Medium
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0755 1 Salesagility 1 Suitecrm 2024-11-21 4.3 Medium
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0754 1 Salesagility 1 Suitecrm 2024-11-21 6.5 Medium
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0747 1 Quantumcloud 1 Infographic Maker 2024-11-21 9.8 Critical
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
CVE-2022-0746 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 4.3 Medium
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
CVE-2022-0745 1 Likebtn 1 Like Button Rating 2024-11-21 6.5 Medium
The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body
CVE-2022-0740 1 Gitlab 1 Gitlab 2024-11-21 3.1 Low
Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.
CVE-2022-0739 1 Reputeinfosystems 1 Bookingpress 2024-11-21 9.8 Critical
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
CVE-2022-0729 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2024-11-21 8.8 High
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-0727 1 Framasoft 1 Peertube 2024-11-21 5.4 Medium
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
CVE-2022-0726 1 Framasoft 1 Peertube 2024-11-21 5.4 Medium
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
CVE-2022-0720 1 Tms-outsource 1 Amelia 2024-11-21 5.4 Medium
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
CVE-2022-0711 3 Debian, Haproxy, Redhat 6 Debian Linux, Haproxy, Enterprise Linux and 3 more 2024-11-21 7.5 High
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.
CVE-2022-0694 1 Elbtide 1 Advanced Booking Calendar 2024-11-21 9.8 Critical
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection
CVE-2022-0693 1 Devbunch 1 Master Elements 2024-11-21 9.8 Critical
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection
CVE-2022-0689 1 Microweber 1 Microweber 2024-11-21 5.3 Medium
Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0688 1 Microweber 1 Microweber 2024-11-21 4.9 Medium
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0685 4 Apple, Debian, Fedoraproject and 1 more 4 Macos, Debian Linux, Fedora and 1 more 2024-11-21 7.8 High
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
CVE-2022-0670 3 Fedoraproject, Linuxfoundation, Redhat 3 Fedora, Ceph, Ceph Storage 2024-11-21 9.1 Critical
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.