• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-0167
2022-07-13
N/A
6.1 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.
CVE-2022-0166
Agent, Mcafee
Total_protection, Data_loss_prevention_endpoint, True_key, Endpoint_security, Client_proxy, Active_response, Active_virus_defense, Active_virusscan, Advanced_threat_defense, Agent
2022-01-25
N/A
7.8 HIGH
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
CVE-2022-0165
2022-03-21
N/A
8.8 HIGH
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users
CVE-2022-0164
Coming Soon And Maintenance Mode, Wpdevart
Booking_calendar, Coming_soon_and_maintenance_mode, Countdown_and_countup,_woocommerce_sales_timer, Download_image_and_video_lightbox,_image_popup, Duplicate_page_or_post, Gallery, Image_and_video_gallery_with_thumbnails, Organization_chart, Poll,_survey,_questionnaire_and_voting_system, Pricing_table_builder
2022-02-28
N/A
4.3 MEDIUM
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users
CVE-2022-0163
2022-03-11
N/A
6.5 MEDIUM
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive information such as PII depending on the form.
CVE-2022-0162
Tl-wr841n Firmware, Tp-link
M7350_firmware, M7350, Tl-wr840n_firmware, Tl-wr840n, Archer_c3200_v1_firmware, Archer_c3200_v1, Archer_c2_v1_firmware, Archer_c2_v1, Archer_c1200_firmware, Archer_c1200
2022-02-17
N/A
9.8 CRITICAL
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
CVE-2022-0161
2022-03-23
N/A
6.1 MEDIUM
The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-0159
2022-01-18
N/A
5.4 MEDIUM
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0158
2022-08-26
N/A
3.3 LOW
vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0157
2022-02-22
N/A
5.4 MEDIUM
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
« Previous 1 … 11,078 11,079 11,080 11,081 11,082 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE