• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1588
2022-05-23
N/A
N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2022-1587
2022-12-07
N/A
9.1 CRITICAL
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
CVE-2022-1586
2022-12-07
N/A
9.1 CRITICAL
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVE-2022-1585
2022-08-04
N/A
7.5 HIGH
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php.
CVE-2022-1584
2022-05-11
N/A
6.1 MEDIUM
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim
CVE-2022-1583
2022-06-09
N/A
6.5 MEDIUM
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.
CVE-2022-1582
2022-06-08
N/A
6.1 MEDIUM
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
CVE-2022-1581
2022-11-23
N/A
5.3 MEDIUM
The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.
CVE-2022-1580
2022-09-21
N/A
4.3 MEDIUM
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
CVE-2022-1579
2022-11-23
N/A
7.5 HIGH
The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.
« Previous 1 … 10,943 10,944 10,945 10,946 10,947 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE