Export limit exceeded: 81668 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81668 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.8 High |
| Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | ||||
| CVE-2022-1805 | 1 Teradici | 2 Tera2 Pcoip Zero Client, Tera2 Pcoip Zero Client Firmware | 2024-11-21 | 8.1 High |
| When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client. | ||||
| CVE-2022-1801 | 1 Very Simple Contact Form Project | 1 Very Simple Contact Form | 2024-11-21 | 7.5 High |
| The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. | ||||
| CVE-2022-1800 | 1 Soflyy | 1 Export Any Wordpress Data To Xml\/csv | 2024-11-21 | 7.2 High |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. | ||||
| CVE-2022-1796 | 1 Vim | 1 Vim | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 8.2.4979. | ||||
| CVE-2022-1791 | 1 One Click Plugin Updater Project | 1 One Click Plugin Updater | 2024-11-21 | 8.1 High |
| The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. | ||||
| CVE-2022-1786 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | 7.8 High |
| A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. | ||||
| CVE-2022-1784 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | ||||
| CVE-2022-1779 | 1 Auto Delete Posts Project | 1 Auto Delete Posts | 2024-11-21 | 8.1 High |
| The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. | ||||
| CVE-2022-1777 | 1 Filr Project | 1 Filr | 2024-11-21 | 8.8 High |
| The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones. | ||||
| CVE-2022-1770 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.8 High |
| Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
| CVE-2022-1769 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 7.8 High |
| Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | ||||
| CVE-2022-1767 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | ||||
| CVE-2022-1766 | 1 Anchore | 2 Anchore, Anchorectl | 2024-11-21 | 7.5 High |
| Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue. | ||||
| CVE-2022-1765 | 1 Hot Linked Image Cacher Project | 1 Hot Linked Image Cacher | 2024-11-21 | 8.8 High |
| The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules). | ||||
| CVE-2022-1762 | 1 Webence | 1 Iq Block Country | 2024-11-21 | 7.5 High |
| The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. | ||||
| CVE-2022-1758 | 1 Genki Pre-publish Reminder Project | 1 Genki Pre-publish Reminder | 2024-11-21 | 8.8 High |
| The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. | ||||
| CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.0 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
| CVE-2022-1735 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | 7.8 High |
| Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | ||||
| CVE-2022-1734 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2024-11-21 | 7.0 High |
| A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | ||||