Search Results (79732 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1042 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| In the Zephyr Bluetooth mesh core stack, an out-of-bounds write vulnerability can be triggered during provisioning. | ||||
| CVE-2022-1041 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.2 High |
| In the Zephyr Bluetooth mesh core stack, an out-of-bounds write vulnerability can be triggered during provisioning. | ||||
| CVE-2022-1037 | 1 Villatheme | 1 Exmage | 2024-11-21 | 7.2 High |
| The EXMAGE WordPress plugin before 1.0.7 does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs. | ||||
| CVE-2022-1036 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| The ability to create an account with a long password leads to memory corruption / integer overflow in GitHub repository microweber/microweber prior to 1.2.12. | ||||
| CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.2 High |
| There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-1033 | 1 Craterapp | 1 Crater | 2024-11-21 | 7.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. | ||||
| CVE-2022-1032 | 1 Craterapp | 1 Crater | 2024-11-21 | 7.2 High |
| Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. | ||||
| CVE-2022-1031 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. | ||||
| CVE-2022-1030 | 3 Apple, Linux, Okta | 3 Macos, Linux Kernel, Advanced Server Access | 2024-11-21 | 8.8 High |
| Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. | ||||
| CVE-2022-1026 | 1 Kyocera | 1 Net Viewer | 2024-11-21 | 8.6 High |
| Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. | ||||
| CVE-2022-1025 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 8.8 High |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | ||||
| CVE-2022-1023 | 1 Secondlinethemes | 1 Podcast Importer Secondline | 2024-11-21 | 7.2 High |
| The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file. | ||||
| CVE-2022-1012 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Rhel E4s and 2 more | 2024-11-21 | 8.2 High |
| A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. | ||||
| CVE-2022-1011 | 6 Debian, Fedoraproject, Linux and 3 more | 39 Debian Linux, Fedora, Linux Kernel and 36 more | 2024-11-21 | 7.8 High |
| A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | ||||
| CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2024-11-21 | 7.2 High |
| The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | ||||
| CVE-2022-1006 | 1 Elbtide | 1 Advanced Booking Calendar | 2024-11-21 | 7.2 High |
| The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks | ||||
| CVE-2022-0998 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2022-0995 | 3 Fedoraproject, Linux, Netapp | 24 Fedora, Linux Kernel, H300e and 21 more | 2024-11-21 | 7.8 High |
| An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | ||||
| CVE-2022-0991 | 1 Admidio | 1 Admidio | 2024-11-21 | 7.1 High |
| Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | ||||
| CVE-2022-0989 | 1 Nsthemes | 1 Ns Watermark For Woocommerce | 2024-11-21 | 7.5 High |
| An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. | ||||