Export limit exceeded: 349675 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80215 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2306 | 1 Heroiclabs | 1 Nakama | 2024-11-21 | 7.5 High |
| Old session tokens can be used to authenticate to the application and send authenticated requests. | ||||
| CVE-2022-2296 | 2 Fedoraproject, Google | 4 Extra Packages For Enterprise Linux, Fedora, Chrome and 1 more | 2024-11-21 | 8.8 High |
| Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. | ||||
| CVE-2022-2295 | 2 Fedoraproject, Google | 3 Extra Packages For Enterprise Linux, Fedora, Chrome | 2024-11-21 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-2289 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2288 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2287 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2286 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2285 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2284 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2273 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | 8.8 High |
| The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. | ||||
| CVE-2022-2268 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 7.2 High |
| The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE | ||||
| CVE-2022-2264 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2261 | 1 Xplodedthemes | 1 Wpide | 2024-11-21 | 7.2 High |
| The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. | ||||
| CVE-2022-2257 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2255 | 3 Debian, Modwsgi, Redhat | 3 Debian Linux, Mod Wsgi, Enterprise Linux | 2024-11-21 | 7.5 High |
| A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. | ||||
| CVE-2022-2245 | 1 Wow-company | 1 Counter Box | 2024-11-21 | 8.8 High |
| The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks | ||||
| CVE-2022-2240 | 1 Emarketdesign | 1 Request A Quote | 2024-11-21 | 8.8 High |
| The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it | ||||
| CVE-2022-2235 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link | ||||
| CVE-2022-2230 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf. | ||||
| CVE-2022-2229 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. | ||||