Search Results (81533 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0270 | 1 Mirantis | 1 Bored-agent | 2024-11-21 | 8.8 High |
| Prior to v0.6.1, bored-agent failed to sanitize incoming Kubernetes impersonation headers, allowing a user to override the assigned user name and groups. | ||||
| CVE-2022-0269 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 8.0 High |
| Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0. | ||||
| CVE-2022-0267 | 1 Adrotate Project | 1 Adrotate | 2024-11-21 | 7.2 High |
| The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection | ||||
| CVE-2022-0263 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.8 High |
| Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2022-0258 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 8.8 High |
| pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | ||||
| CVE-2022-0255 | 1 Deliciousbrains | 1 Database Backup | 2024-11-21 | 7.2 High |
| The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue | ||||
| CVE-2022-0244 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.6 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group due to incorrect handling of a file. | ||||
| CVE-2022-0242 | 1 Craterapp | 1 Crater | 2024-11-21 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0. | ||||
| CVE-2022-0240 | 1 Mruby | 1 Mruby | 2024-11-21 | 7.5 High |
| mruby is vulnerable to NULL Pointer Dereference | ||||
| CVE-2022-0229 | 1 Miniorange | 1 Google Authenticator | 2024-11-21 | 8.1 High |
| The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. | ||||
| CVE-2022-0228 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 7.2 High |
| The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection | ||||
| CVE-2022-0217 | 1 Prosody | 1 Prosody | 2024-11-21 | 7.5 High |
| It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). | ||||
| CVE-2022-0214 | 1 Custom Popup Builder Project | 1 Custom Popup Builder | 2024-11-21 | 7.5 High |
| The Custom Popup Builder WordPress plugin before 1.3.1 autoloads data from its popup on every page. Because such data can be sent by unauthenticated users and is not validated in length, this could cause a denial of service on the blog. | ||||
| CVE-2022-0198 | 1 Stanford | 1 Corenlp | 2024-11-21 | 7.1 High |
| corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
| CVE-2022-0197 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 8.8 High |
| phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2022-0196 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 8.8 High |
| phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2022-0192 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 7.3 High |
| A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. | ||||
| CVE-2022-0190 | 1 Acnam | 1 Ad Invalid Click Protector | 2024-11-21 | 8.8 High |
| The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action. | ||||
| CVE-2022-0180 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page. | ||||
| CVE-2022-0166 | 1 Mcafee | 1 Agent | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file. | ||||