• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0768
2022-03-08
N/A
9.1 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2.
CVE-2022-0767
2022-03-14
N/A
9.9 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2022-0766
2022-03-11
N/A
9.8 CRITICAL
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
CVE-2022-0765
2022-04-27
N/A
5.4 MEDIUM
The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability.
CVE-2022-0764
2022-07-22
N/A
6.7 MEDIUM
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
CVE-2022-0763
2022-03-08
N/A
4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0762
2022-03-08
N/A
4.3 MEDIUM
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0760
2022-03-28
N/A
9.8 CRITICAL
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
CVE-2022-0759
2022-04-07
N/A
8.1 HIGH
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).
CVE-2022-0758
Nexpose, Rapid7
Appspider, Appspider_pro, Insight_agent, Insightappsec, Insightcloudsec, Insight_collector, Insightvm, Komand, Metasploit, Nexpose
2022-03-24
N/A
6.1 MEDIUM
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.
« Previous 1 … 11,021 11,022 11,023 11,024 11,025 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE