Export limit exceeded: 11113 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11113 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.1 High |
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0825 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.4 Medium |
| The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | ||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0756 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 Medium |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | ||||
| CVE-2022-0755 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 Medium |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | ||||
| CVE-2022-0745 | 1 Likebtn | 1 Like Button Rating | 2024-11-21 | 6.5 Medium |
| The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body | ||||
| CVE-2022-0740 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | ||||
| CVE-2022-0727 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.4 Medium |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||
| CVE-2022-0726 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.4 Medium |
| Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||
| CVE-2022-0720 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.4 Medium |
| The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | ||||
| CVE-2022-0670 | 3 Fedoraproject, Linuxfoundation, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | 9.1 Critical |
| A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. | ||||
| CVE-2022-0634 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-11-21 | 4.3 Medium |
| The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. | ||||
| CVE-2022-0633 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 6.5 Medium |
| The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup. | ||||
| CVE-2022-0594 | 1 Shareaholic | 1 Shareaholic | 2024-11-21 | 5.3 Medium |
| The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | ||||
| CVE-2022-0577 | 2 Debian, Scrapy | 2 Debian Linux, Scrapy | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | ||||
| CVE-2022-0574 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
| Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | ||||
| CVE-2022-0482 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.1 Critical |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | ||||
| CVE-2022-0444 | 1 Watchful | 1 Xcloner | 2024-11-21 | 4.3 Medium |
| The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. | ||||
| CVE-2022-0406 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.3 Medium |
| Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
| CVE-2022-0404 | 1 Material Design For Contact Form 7 Project | 1 Material Design For Contact Form 7 | 2024-11-21 | 6.5 Medium |
| The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site. | ||||