• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0832
2022-03-10
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVE-2022-0831
2022-03-10
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVE-2022-0830
2022-06-03
N/A
6.5 MEDIUM
The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them.
CVE-2022-0829
2022-05-13
N/A
8.1 HIGH
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-0828
2022-04-15
N/A
7.5 HIGH
The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
CVE-2022-0827
2022-06-17
N/A
9.8 CRITICAL
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
CVE-2022-0826
2022-05-16
N/A
9.8 CRITICAL
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
CVE-2022-0825
2022-06-03
N/A
5.4 MEDIUM
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
CVE-2022-0824
2022-11-21
N/A
8.8 HIGH
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-0823
2022-06-15
N/A
6.2 MEDIUM
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.
« Previous 1 … 11,015 11,016 11,017 11,018 11,019 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE