• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1905
E-dynamics, Events Made Easy
Events_made_easy
2022-06-28
N/A
9.8 CRITICAL
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2022-1904
2022-07-06
N/A
6.1 MEDIUM
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting
CVE-2022-1903
2022-07-06
N/A
8.1 HIGH
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username
CVE-2022-1902
Advanced Cluster Security, Redhat
Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform
2023-02-12
N/A
8.8 HIGH
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
CVE-2022-1901
2022-08-20
N/A
5.3 MEDIUM
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.
CVE-2022-1900
2022-06-21
N/A
8.8 HIGH
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2022-1899
2022-06-03
N/A
9.1 CRITICAL
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-1898
2022-12-08
N/A
7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1897
2022-12-03
N/A
7.8 HIGH
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-1896
2022-06-28
N/A
4.8 MEDIUM
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed.
« Previous 1 … 10,913 10,914 10,915 10,916 10,917 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE