• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1936
2022-06-13
N/A
6.5 MEDIUM
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured
CVE-2022-1935
2022-06-13
N/A
6.5 MEDIUM
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured
CVE-2022-1934
2022-06-08
N/A
7.8 HIGH
Use After Free in GitHub repository mruby/mruby prior to 3.2.
CVE-2022-1933
2022-07-18
N/A
6.1 MEDIUM
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting
CVE-2022-1932
2022-08-25
N/A
6.1 MEDIUM
The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file
CVE-2022-1931
2022-06-08
N/A
8.1 HIGH
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1930
2022-08-25
N/A
7.5 HIGH
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method
CVE-2022-1929
2022-06-11
N/A
7.5 HIGH
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
CVE-2022-1928
2022-11-16
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.
CVE-2022-1927
2022-10-31
N/A
7.8 HIGH
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
« Previous 1 … 10,910 10,911 10,912 10,913 10,914 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE