Export limit exceeded: 86095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86095 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0295 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0293 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0289 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0284 1 Imagemagick 1 Imagemagick 2024-11-21 7.1 High
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
CVE-2022-0281 1 Microweber 1 Microweber 2024-11-21 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0280 2 Mcafee, Microsoft 2 Total Protection, Windows 2024-11-21 7.5 High
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
CVE-2022-0270 1 Mirantis 1 Bored-agent 2024-11-21 8.8 High
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups.
CVE-2022-0269 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 8.0 High
Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVE-2022-0267 1 Adrotate Project 1 Adrotate 2024-11-21 7.2 High
The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to a SQL injection
CVE-2022-0263 1 Pimcore 1 Pimcore 2024-11-21 7.8 High
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.
CVE-2022-0258 1 Pimcore 1 Pimcore 2024-11-21 8.8 High
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVE-2022-0255 1 Deliciousbrains 1 Database Backup 2024-11-21 7.2 High
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue
CVE-2022-0244 1 Gitlab 1 Gitlab 2024-11-21 8.6 High
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.
CVE-2022-0242 1 Craterapp 1 Crater 2024-11-21 7.2 High
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.
CVE-2022-0240 1 Mruby 1 Mruby 2024-11-21 7.5 High
mruby is vulnerable to NULL Pointer Dereference
CVE-2022-0229 1 Miniorange 1 Google Authenticator 2024-11-21 8.1 High
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.
CVE-2022-0228 1 Sygnoos 1 Popup Builder 2024-11-21 7.2 High
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection
CVE-2022-0217 1 Prosody 1 Prosody 2024-11-21 7.5 High
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).
CVE-2022-0214 1 Custom Popup Builder Project 1 Custom Popup Builder 2024-11-21 7.5 High
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog
CVE-2022-0198 1 Stanford 1 Corenlp 2024-11-21 7.1 High
corenlp is vulnerable to Improper Restriction of XML External Entity Reference