Search Results (363683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3490 1 Themehigh 1 Checkout Field Editor For Woocommerce 2025-04-25 7.2 High
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
CVE-2022-2983 1 Salat Times Project 1 Salat Times 2025-04-25 4.8 Medium
The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-0564 2 Microsoft, Qlik 2 Windows, Qlik Sense 2025-04-25 5.3 Medium
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. The affected URI is /internal_forms_authentication/ the response time of the form is longer if the supplied user does not exists and shorter if the user exists.
CVE-2021-32601 2025-04-25 N/A
Not used
CVE-2022-39240 1 Mygraph Project 1 Mygraph 2025-04-25 5.4 Medium
MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround.
CVE-2022-45307 1 Chocolatey 1 Chocolatey Php 2025-04-25 4.3 Medium
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.
CVE-2022-45306 1 Chocolatey 1 Chocolatey Azure-pipelines-agent 2025-04-25 4.3 Medium
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
CVE-2022-45305 1 Chocolatey 1 Chocolatey Python3 2025-04-25 4.3 Medium
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.
CVE-2022-45304 1 Chocolatey 1 Chocolatey Cmder 2025-04-25 4.3 Medium
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
CVE-2022-45301 1 Chocolatey 1 Chocolatey Ruby 2025-04-25 4.3 Medium
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
CVE-2022-45204 1 Gpac 1 Gpac 2025-04-25 5.5 Medium
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVE-2022-45202 1 Gpac 1 Gpac 2025-04-25 7.8 High
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
CVE-2022-44635 1 Apache 1 Fineract 2025-04-25 8.8 High
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.
CVE-2022-44356 1 Wavlink 2 Wl-wn531g3, Wl-wn531g3 Firmware 2025-04-25 7.5 High
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.
CVE-2022-44355 1 Contec 2 Solarview Compact, Solarview Compact Firmware 2025-04-25 6.1 Medium
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.
CVE-2022-44096 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-25 9.8 Critical
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
CVE-2022-42445 1 Hcltechsw 1 Hcl Launch 2025-04-25 4.9 Medium
HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches.
CVE-2022-3865 1 Wp User Merger Project 1 Wp User Merger 2025-04-25 8.8 High
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
CVE-2022-3850 1 Find And Replace All Project 1 Find And Replace All 2025-04-25 4.3 Medium
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack
CVE-2022-3831 1 Recaptcha Project 1 Recaptcha 2025-04-25 4.8 Medium
The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).