• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0425
2022-04-12
N/A
7.6 HIGH
A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.
CVE-2022-0424
2023-01-31
N/A
5.3 MEDIUM
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users
CVE-2022-0423
2022-03-28
N/A
5.4 MEDIUM
The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
CVE-2022-0422
2022-03-11
N/A
6.1 MEDIUM
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue
CVE-2022-0421
2022-11-23
N/A
6.1 MEDIUM
The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments
CVE-2022-0420
2022-03-11
N/A
7.2 HIGH
The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
CVE-2022-0419
2022-08-06
N/A
5.5 MEDIUM
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
CVE-2022-0418
2022-05-09
N/A
4.8 MEDIUM
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed
CVE-2022-0417
2022-12-13
N/A
7.8 HIGH
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
CVE-2022-0415
2022-03-25
N/A
8.8 HIGH
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
« Previous 1 … 11,054 11,055 11,056 11,057 11,058 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE