• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1109
2023-02-01
N/A
7.5 HIGH
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.
CVE-2022-1108
2022-05-12
N/A
6.7 MEDIUM
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-1107
Lenovo, Thinkpad Yoga 260 Firmware
Legion_y520t_z370_firmware, Legion_y520t_z370, Aio310-20iap_firmware, Aio310-20iap, Aio510-22ish_firmware, Aio510-22ish, Aio510-23ish_firmware, Aio510-23ish, Aio520-22ikl_firmware, Aio520-22ikl
2022-05-12
N/A
6.7 MEDIUM
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.
CVE-2022-1106
2022-03-31
N/A
9.1 CRITICAL
use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
CVE-2022-1105
2022-04-11
N/A
4.3 MEDIUM
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled
CVE-2022-1104
2022-05-17
N/A
4.8 MEDIUM
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-1103
2022-05-26
N/A
8.8 HIGH
The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE
CVE-2022-1102
2023-01-12
N/A
6.1 MEDIUM
A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability.
CVE-2022-1101
2023-01-12
N/A
9.8 CRITICAL
A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability.
CVE-2022-1100
2022-04-11
N/A
4.3 MEDIUM
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
« Previous 1 … 10,988 10,989 10,990 10,991 10,992 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE