Search Results (79760 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1478 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1477 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1472 | 1 Codesolz | 1 Better Find And Replace | 2024-11-21 | 7.2 High |
| The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection | ||||
| CVE-2022-1459 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.3 High |
| Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. | ||||
| CVE-2022-1452 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). | ||||
| CVE-2022-1451 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. For more details, see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html). | ||||
| CVE-2022-1441 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 7.8 High |
| MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | ||||
| CVE-2022-1437 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2022-1430 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 7.5 High |
| Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. | ||||
| CVE-2022-1429 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing data. | ||||
| CVE-2022-1427 | 1 Mruby | 1 Mruby | 2024-11-21 | 7.8 High |
| Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: Possible arbitrary code execution if exploited. | ||||
| CVE-2022-1423 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.1 High |
| Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches | ||||
| CVE-2022-1419 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object* (created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create* will access the freed drm_vgem_gem_object. | ||||
| CVE-2022-1415 | 1 Redhat | 16 Camel Quarkus, Camel Spring Boot, Decision Manager and 13 more | 2024-11-21 | 8.1 High |
| A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. | ||||
| CVE-2022-1412 | 1 Premierethemes | 1 Log Wp Mail | 2024-11-21 | 7.5 High |
| The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. | ||||
| CVE-2022-1410 | 1 Device42 | 1 Cmdb | 2024-11-21 | 8 High |
| OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions. | ||||
| CVE-2022-1409 | 1 Vikwp | 1 Hotel Booking Engine & Pms | 2024-11-21 | 7.2 High |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code | ||||
| CVE-2022-1400 | 1 Device42 | 1 Cmdb | 2024-11-21 | 7.1 High |
| Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | ||||
| CVE-2022-1397 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 8.8 High |
| API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. | ||||
| CVE-2022-1392 | 1 Commoninja | 1 Videos Sync Pdf | 2024-11-21 | 7.5 High |
| The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues | ||||