Total
6212 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0833 | 1 Church Admin Project | 1 Church Admin | 2024-11-21 | 4.3 Medium |
| The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data | ||||
| CVE-2022-0756 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 Medium |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | ||||
| CVE-2022-0755 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 Medium |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | ||||
| CVE-2022-0745 | 1 Likebtn | 1 Like Button Rating | 2024-11-21 | 6.5 Medium |
| The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body | ||||
| CVE-2022-0726 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.4 Medium |
| Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||
| CVE-2022-0634 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-11-21 | 4.3 Medium |
| The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. | ||||
| CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.3 Medium |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | ||||
| CVE-2022-0588 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.1 High |
| Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.5 Medium |
| Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | ||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | ||||
| CVE-2022-0444 | 1 Watchful | 1 Xcloner | 2024-11-21 | 4.3 Medium |
| The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. | ||||
| CVE-2022-0404 | 1 Material Design For Contact Form 7 Project | 1 Material Design For Contact Form 7 | 2024-11-21 | 6.5 Medium |
| The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site. | ||||
| CVE-2022-0398 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-11-21 | 5.4 Medium |
| The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website | ||||
| CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard. | ||||
| CVE-2022-0345 | 1 Madewithfuel | 1 Customize Wordpress Emails And Alerts | 2024-11-21 | 4.3 Medium |
| The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). | ||||
| CVE-2022-0229 | 1 Miniorange | 1 Google Authenticator | 2024-11-21 | 8.1 High |
| The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. | ||||
| CVE-2022-0203 | 1 Craterapp | 1 Crater | 2024-11-21 | 5.3 Medium |
| Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | ||||
| CVE-2022-0179 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
| snipe-it is vulnerable to Missing Authorization | ||||
| CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.3 Medium |
| Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8. | ||||
| CVE-2022-0164 | 1 Wpdevart | 1 Coming Soon And Maintenance Mode | 2024-11-21 | 4.3 Medium |
| The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users | ||||