Export limit exceeded: 335880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9516 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47553 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 8.6 High |
| Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server. | ||||
| CVE-2022-47002 | 1 Masacms | 1 Masacms | 2024-11-21 | 9.8 Critical |
| A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | ||||
| CVE-2022-46850 | 1 Easy Media Replace Project | 1 Easy Media Replace | 2024-11-21 | 8.7 High |
| Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | ||||
| CVE-2022-46080 | 1 Nexxtsolutions | 2 Nebula1200-ac, Nebula1200-ac Firmware | 2024-11-21 | 9.8 Critical |
| Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. | ||||
| CVE-2022-45851 | 2024-11-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | ||||
| CVE-2022-45832 | 1 Hennessey | 1 Attorney | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3. | ||||
| CVE-2022-45803 | 1 Gutenbergforms | 1 Gutenberg Forms | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3. | ||||
| CVE-2022-45544 | 1 Schlix | 1 Cms | 2024-11-21 | 8.8 High |
| Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role. | ||||
| CVE-2022-45070 | 2024-11-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3. | ||||
| CVE-2022-44633 | 2024-11-21 | 6.5 Medium | ||
| Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | ||||
| CVE-2022-43712 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 6.5 Medium |
| POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965. | ||||
| CVE-2022-43453 | 1 Billminozzi | 1 Wp Tools | 2024-11-21 | 8.8 High |
| Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through 3.41. | ||||
| CVE-2022-42724 | 1 Misp-project | 1 Malware Information Sharing Platform | 2024-11-21 | 4.3 Medium |
| app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). | ||||
| CVE-2022-42344 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | 8.8 High |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation. | ||||
| CVE-2022-41786 | 1 Wpjobportal | 1 Wp Job Portal | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1. | ||||
| CVE-2022-41619 | 1 Sedlex | 1 Image Zoom | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8. | ||||
| CVE-2022-41574 | 1 Gradle | 1 Enterprise | 2024-11-21 | 7.5 High |
| An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. | ||||
| CVE-2022-40975 | 2024-11-21 | 5.4 Medium | ||
| Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. | ||||
| CVE-2022-40702 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | ||||
| CVE-2022-40682 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.1 High |
| A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. | ||||