• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0373
2022-04-12
N/A
4.3 MEDIUM
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
CVE-2022-0372
2022-02-02
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.
CVE-2022-0371
2022-04-04
N/A
4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private.
CVE-2022-0370
2022-02-02
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-0368
2022-11-09
N/A
7.8 HIGH
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0367
2022-09-30
N/A
7.8 HIGH
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
CVE-2022-0366
2022-02-07
N/A
8.8 HIGH
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
CVE-2022-0365
2022-02-09
N/A
9.8 CRITICAL
The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user.
CVE-2022-0364
2022-03-28
N/A
5.4 MEDIUM
The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
CVE-2022-0363
2022-05-03
N/A
4.3 MEDIUM
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.
« Previous 1 … 11,059 11,060 11,061 11,062 11,063 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE