• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1240
2022-04-14
N/A
7.8 HIGH
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
CVE-2022-1239
2022-05-09
N/A
8.8 HIGH
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
CVE-2022-1238
2022-04-14
N/A
7.8 HIGH
Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
CVE-2022-1237
2022-04-14
N/A
7.8 HIGH
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
CVE-2022-1236
2022-04-13
N/A
6.5 MEDIUM
Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.
CVE-2022-1235
2022-04-13
N/A
8.2 HIGH
Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.
CVE-2022-1234
2022-04-13
N/A
6.1 MEDIUM
XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
CVE-2022-1233
2022-11-29
N/A
6.1 MEDIUM
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.
CVE-2022-1232
2022-09-01
N/A
8.8 HIGH
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1231
2022-05-13
N/A
6.1 MEDIUM
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).
« Previous 1 … 10,976 10,977 10,978 10,979 10,980 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE