CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-0349

2022-03-11

N/A

9.8 CRITICAL

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection

CVE-2022-0348

2022-02-02

N/A

5.4 MEDIUM

Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.

CVE-2022-0347

2022-03-11

N/A

6.1 MEDIUM

The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

CVE-2022-0346

2022-05-30

N/A

6.1 MEDIUM

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.

CVE-2022-0345

2022-03-08

N/A

4.3 MEDIUM

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).

CVE-2022-0344

2022-04-04

N/A

4.3 MEDIUM

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project

CVE-2022-0343

2022-04-07

N/A

7.8 HIGH

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2

CVE-2022-0342

Zywall 310 Firmware, Zyxel

Nas326_firmware, Nas326, Uag2100_firmware, Uag2100, Uag4100_firmware, Uag4100, Uag5100_firmware, Uag5100, Usg110_firmware, Usg110

2022-04-04

N/A

9.8 CRITICAL

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.

CVE-2022-0341

2022-03-18

N/A

5.4 MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.

CVE-2022-0339

2022-03-17

N/A

9.8 CRITICAL

Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.

« Previous 1 … 11,061 11,062 11,063 11,064 11,065 … 11,258 Next »