• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0242
2022-01-25
N/A
7.2 HIGH
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
CVE-2022-0240
2022-01-24
N/A
7.5 HIGH
mruby is vulnerable to NULL Pointer Dereference
CVE-2022-0239
2022-01-22
N/A
9.8 CRITICAL
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVE-2022-0238
2022-02-22
N/A
4.3 MEDIUM
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2022-0237
Insight Agent, Rapid7
Appspider, Appspider_pro, Insight_agent, Insightappsec, Insightcloudsec, Insight_collector, Insightvm, Komand, Metasploit, Nexpose
2022-03-24
N/A
7.8 HIGH
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
CVE-2022-0236
2022-01-24
N/A
7.5 HIGH
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15.
CVE-2022-0235
2023-02-03
N/A
6.1 MEDIUM
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0234
2022-02-28
N/A
6.1 MEDIUM
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting
CVE-2022-0233
2022-01-24
N/A
5.4 MEDIUM
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7.
CVE-2022-0232
2022-01-24
N/A
4.8 MEDIUM
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
« Previous 1 … 11,071 11,072 11,073 11,074 11,075 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE