Search Results (79820 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1791 | 1 One Click Plugin Updater Project | 1 One Click Plugin Updater | 2024-11-21 | 8.1 High |
| The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. | ||||
| CVE-2022-1786 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | 7.8 High |
| A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. | ||||
| CVE-2022-1784 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | ||||
| CVE-2022-1779 | 1 Auto Delete Posts Project | 1 Auto Delete Posts | 2024-11-21 | 8.1 High |
| The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. | ||||
| CVE-2022-1777 | 1 Filr Project | 1 Filr | 2024-11-21 | 8.8 High |
| The Filr WordPress plugin before 1.2.2.1 does not have an authorisation check in two of its AJAX actions, allowing them to be called by any authenticated user, such as a subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones. | ||||
| CVE-2022-1770 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.8 High |
| Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
| CVE-2022-1769 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 7.8 High |
| Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | ||||
| CVE-2022-1767 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. | ||||
| CVE-2022-1766 | 1 Anchore | 2 Anchore, Anchorectl | 2024-11-21 | 7.5 High |
| Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchorectl. Users of anchorectl version 0.1.4 should upgrade to anchorectl version 0.1.5 to resolve this issue. | ||||
| CVE-2022-1765 | 1 Hot Linked Image Cacher Project | 1 Hot Linked Image Cacher | 2024-11-21 | 8.8 High |
| The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules). | ||||
| CVE-2022-1762 | 1 Webence | 1 Iq Block Country | 2024-11-21 | 7.5 High |
| The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. | ||||
| CVE-2022-1758 | 1 Genki Pre-publish Reminder Project | 1 Genki Pre-publish Reminder | 2024-11-21 | 8.8 High |
| The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. | ||||
| CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.0 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
| CVE-2022-1735 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | 7.8 High |
| Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | ||||
| CVE-2022-1734 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2024-11-21 | 7.0 High |
| A flaw in the Linux kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use-after-free read or write when the cleanup routine and the firmware download routine are not synchronized. | ||||
| CVE-2022-1733 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | ||||
| CVE-2022-1729 | 3 Linux, Netapp, Redhat | 9 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 6 more | 2024-11-21 | 7.0 High |
| A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc. | ||||
| CVE-2022-1727 | 1 Diagrams | 1 Drawio | 2024-11-21 | 8.8 High |
| Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. | ||||
| CVE-2022-1723 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | ||||
| CVE-2022-1721 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. | ||||