• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0757
Nexpose, Rapid7
Appspider, Appspider_pro, Insight_agent, Insightappsec, Insightcloudsec, Insight_collector, Insightvm, Komand, Metasploit, Nexpose
2022-04-07
N/A
8.8 HIGH
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.
CVE-2022-0756
2022-03-11
N/A
6.5 MEDIUM
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0755
2022-03-11
N/A
4.3 MEDIUM
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0754
2022-03-11
N/A
6.5 MEDIUM
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0753
2022-03-09
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
CVE-2022-0752
2022-03-10
N/A
6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
CVE-2022-0751
2022-04-05
N/A
8.8 HIGH
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands
CVE-2022-0750
2022-03-29
N/A
5.4 MEDIUM
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14.
CVE-2022-0749
2022-03-24
N/A
9.8 CRITICAL
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
CVE-2022-0748
2022-03-24
N/A
9.8 CRITICAL
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.
« Previous 1 … 11,022 11,023 11,024 11,025 11,026 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE