Export limit exceeded: 79744 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79744 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1176 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 7.5 High |
| Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||
| CVE-2022-1175 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. | ||||
| CVE-2022-1160 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | ||||
| CVE-2022-1158 | 3 Fedoraproject, Linux, Redhat | 8 Fedora, Linux Kernel, Enterprise Linux and 5 more | 2024-11-21 | 7.8 High |
| A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. | ||||
| CVE-2022-1155 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 7.4 High |
| Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. | ||||
| CVE-2022-1154 | 5 Debian, Fedoraproject, Oracle and 2 more | 5 Debian Linux, Fedora, Communications Cloud Native Core Network Exposure Function and 2 more | 2024-11-21 | 7.8 High |
| Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | ||||
| CVE-2022-1145 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 High |
| Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction. | ||||
| CVE-2022-1144 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. | ||||
| CVE-2022-1143 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. | ||||
| CVE-2022-1142 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools. | ||||
| CVE-2022-1141 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture. | ||||
| CVE-2022-1136 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. | ||||
| CVE-2022-1135 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. | ||||
| CVE-2022-1134 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1133 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1131 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1130 | 1 Google | 2 Android, Chrome | 2024-11-21 | 8.1 High |
| Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. | ||||
| CVE-2022-1127 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | ||||
| CVE-2022-1125 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | ||||
| CVE-2022-1123 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2024-11-21 | 7.2 High |
| The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. | ||||