Search Results (80229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2580 | 1 Vim | 1 Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. | ||||
| CVE-2022-2576 | 1 Eclipse | 1 Californium | 2024-11-21 | 7.5 High |
| In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. | ||||
| CVE-2022-2571 | 1 Vim | 1 Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. | ||||
| CVE-2022-2565 | 1 Paymattic | 1 Simple Payment Donations & Subscriptions | 2024-11-21 | 7.2 High |
| The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins | ||||
| CVE-2022-2559 | 1 Wpmanageninja | 1 Fluent Support | 2024-11-21 | 7.2 High |
| The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users | ||||
| CVE-2022-2557 | 1 Radiustheme | 1 Team - Wordpress Team Members Showcase | 2024-11-21 | 8.8 High |
| The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user | ||||
| CVE-2022-2550 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 8.8 High |
| OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | ||||
| CVE-2022-2544 | 1 Wpmanageninja | 1 Ninja Job Board | 2024-11-21 | 7.5 High |
| The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. | ||||
| CVE-2022-2522 | 1 Vim | 1 Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. | ||||
| CVE-2022-2497 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | ||||
| CVE-2022-2493 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.1 High |
| Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. | ||||
| CVE-2022-2481 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. | ||||
| CVE-2022-2480 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-2478 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-2477 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-2472 | 1 Ezviz | 2 Cs-c6n-a0-1c2wfr, Cs-c6n-a0-1c2wfr Firmware | 2024-11-21 | 7.6 High |
| Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. | ||||
| CVE-2022-2458 | 1 Redhat | 2 Jboss Enterprise Bpms Platform, Process Automation Manager | 2024-11-21 | 8.2 High |
| XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection leads to External Service interaction & Internal file read in Business Central and also Kie-Server APIs. | ||||
| CVE-2022-2454 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV. | ||||
| CVE-2022-2453 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. | ||||
| CVE-2022-2415 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||