The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory.
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.
Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.