• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0349
2022-03-11
N/A
9.8 CRITICAL
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
CVE-2022-0348
2022-02-02
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
CVE-2022-0347
2022-03-11
N/A
6.1 MEDIUM
The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
CVE-2022-0346
2022-05-30
N/A
6.1 MEDIUM
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
CVE-2022-0345
2022-03-08
N/A
4.3 MEDIUM
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.).
CVE-2022-0344
2022-04-04
N/A
4.3 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project
CVE-2022-0343
2022-04-07
N/A
7.8 HIGH
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2
CVE-2022-0342
Zywall 310 Firmware, Zyxel
Nas326_firmware, Nas326, Uag2100_firmware, Uag2100, Uag4100_firmware, Uag4100, Uag5100_firmware, Uag5100, Usg110_firmware, Usg110
2022-04-04
N/A
9.8 CRITICAL
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
CVE-2022-0341
2022-03-18
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
CVE-2022-0339
2022-03-17
N/A
9.8 CRITICAL
Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.
« Previous 1 … 11,061 11,062 11,063 11,064 11,065 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE