Export limit exceeded: 353537 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81594 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0981 | 2 Quarkus, Redhat | 4 Quarkus, Camel Quarkus, Quarkus and 1 more | 2024-11-21 | 8.8 High |
| A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended. | ||||
| CVE-2022-0980 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. | ||||
| CVE-2022-0979 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0978 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0976 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0975 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0974 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0972 | 3 Apple, Google, Linux | 4 Macos, Android, Chrome and 1 more | 2024-11-21 | 8.8 High |
| Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0971 | 3 Apple, Google, Linux | 4 Macos, Android, Chrome and 1 more | 2024-11-21 | 8.8 High |
| Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0952 | 1 Sitemap Project | 1 Sitemap | 2024-11-21 | 8.8 High |
| The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog. | ||||
| CVE-2022-0944 | 1 Sqlpad | 1 Sqlpad | 2024-11-21 | 7.2 High |
| Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | ||||
| CVE-2022-0943 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Macos, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. | ||||
| CVE-2022-0935 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.8 High |
| Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | ||||
| CVE-2022-0920 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-11-21 | 7.5 High |
| The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data | ||||
| CVE-2022-0916 | 1 Logitech | 1 Options | 2024-11-21 | 8.4 High |
| An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | ||||
| CVE-2022-0913 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0908 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 7.7 High |
| Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. | ||||
| CVE-2022-0905 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.1 High |
| Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | ||||
| CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2024-11-21 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node. | ||||
| CVE-2022-0896 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. | ||||