Export limit exceeded: 348303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79703 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0464 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | ||||
| CVE-2022-0463 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | ||||
| CVE-2022-0460 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0459 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0458 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0457 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0456 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction. | ||||
| CVE-2022-0454 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0453 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0443 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-0440 | 1 Catchplugins | 1 Catch Themes Demo Import | 2024-11-21 | 7.2 High |
| The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true) | ||||
| CVE-2022-0439 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-11-21 | 8.8 High |
| The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link. | ||||
| CVE-2022-0435 | 5 Fedoraproject, Linux, Netapp and 2 more | 40 Fedora, Linux Kernel, H300e and 37 more | 2024-11-21 | 8.8 High |
| A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | ||||
| CVE-2022-0427 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover | ||||
| CVE-2022-0420 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 7.2 High |
| The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks | ||||
| CVE-2022-0415 | 1 Gogs | 1 Gogs | 2024-11-21 | 8.8 High |
| Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | ||||
| CVE-2022-0413 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-0411 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | 8.8 High |
| The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection | ||||
| CVE-2022-0409 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.8 High |
| Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. | ||||
| CVE-2022-0408 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 7.8 High |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | ||||