CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2022-11-28
Medium

CVE-2022-3511

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as su…

High

CVE-2022-3490

The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to p…

Medium

CVE-2022-2983

The Salat Times WordPress plugin before 3.2.2 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_…

Medium

CVE-2022-2311

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scri…

Medium

CVE-2021-25059

The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the…

2022-11-25
High

CVE-2022-38767

An issue was discovered in Wind River VxWorks 6.9 and 7: a specifically crafted packet sent by a Radius server may cause Denial of Service during the IP Radius access procedure.

2022-11-23
Critical

CVE-2022-44118

dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.

Critical

CVE-2022-43196

dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.

Medium

CVE-2022-40772

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.

Medium

CVE-2022-41446

An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.

2022-11-22
Critical

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.

Critical

CVE-2022-44801

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.

2022-11-21
Medium

CVE-2022-38755

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the s…

High

CVE-2022-3763

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF che…

Medium

CVE-2022-3762

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate file…

Medium

CVE-2022-3753

The Evaluate WordPress plugin through 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even…

High

CVE-2022-3720

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users

Medium

CVE-2022-3690

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scriptin…

High

CVE-2022-3688

The WPQA Builder WordPress plugin before 5.9 does not have a CSRF check when following and unfollowing users, which could allow attackers to make logged-in users perform such actions via CSRF attacks.

Critical

CVE-2022-3634

The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.

Medium

CVE-2022-3618

The Spacer WordPress plugin before 3.0.7 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even w…

Critical

CVE-2022-3600

The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection.

Medium

CVE-2022-3336

The Event Monster WordPress plugin before 1.2.0 does not have a CSRF check when deleting visitors, which could allow attackers to make a logged-in admin delete arbitrary visitors via a CSRF attack.

Medium

CVE-2022-1581

The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in cert…

High

CVE-2022-1579

The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.

High

CVE-2022-1578

The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack.

Critical

CVE-2021-24649

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via w…

2022-11-18
Medium

CVE-2022-45369

Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.

Critical

CVE-2022-44584

Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.

High

CVE-2022-42459

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress.

Medium

CVE-2022-41839

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.

Medium

CVE-2022-42461

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.

Medium

CVE-2022-41781

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

Medium

CVE-2022-38974

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.

Medium

CVE-2022-45473

In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.

2022-11-17
Medium

CVE-2022-45069

Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.

Medium

CVE-2022-45066

Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress.

Medium

CVE-2022-38461

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for…

Critical

CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API u…

2022-11-15
Medium

CVE-2022-20949

A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on a…

Medium

CVE-2022-40309

Users with write permissions to a repository can delete arbitrary directories.

High

CVE-2022-40308

If anonymous read is enabled, it's possible to read the database file directly without logging in.

Medium

CVE-2022-25674

Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Medium

CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated…

2022-11-14
Medium

CVE-2022-38705

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a…

High

CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

2022-11-13
Medium

CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow.…

2022-11-11
High

CVE-2021-33164

Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access.

2022-11-10
High

CVE-2022-41719

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.

Medium

CVE-2022-3793

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a…

Medium

CVE-2022-3726

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click o…

Low

CVE-2022-3706

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take o…

2022-11-09
Medium

CVE-2022-3483

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A m…

Medium

CVE-2022-3285

Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab

Medium

CVE-2022-2761

An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GF…

High

CVE-2022-41123

Microsoft Exchange Server Elevation of Privilege Vulnerability

Medium

CVE-2022-41122

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2022-41120

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability

High

CVE-2022-41119

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-41113

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

High

CVE-2022-41109

Windows Win32k Elevation of Privilege Vulnerability

High

CVE-2022-41107

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2022-41106

Microsoft Excel Remote Code Execution Vulnerability

Medium

CVE-2022-41105

Microsoft Excel Information Disclosure Vulnerability

Medium

CVE-2022-41104

Microsoft Excel Security Feature Bypass Vulnerability

Medium

CVE-2022-41103

Microsoft Word Information Disclosure Vulnerability

High

CVE-2022-41102

Windows Overlay Filter Elevation of Privilege Vulnerability

High

CVE-2022-41101

Windows Overlay Filter Elevation of Privilege Vulnerability

Medium

CVE-2022-41099

BitLocker Security Feature Bypass Vulnerability

Medium

CVE-2022-41098

Windows GDI+ Information Disclosure Vulnerability

Medium

CVE-2022-41097

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability

High

CVE-2022-41096

Microsoft DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2022-41095

Windows Digital Media Receiver Elevation of Privilege Vulnerability

High

CVE-2022-41092

Windows Win32k Elevation of Privilege Vulnerability

High

CVE-2022-41085

Azure CycleCloud Elevation of Privilege Vulnerability

High

CVE-2022-41080

Microsoft Exchange Server Elevation of Privilege Vulnerability

High

CVE-2022-41079

Microsoft Exchange Server Spoofing Vulnerability

High

CVE-2022-41078

Microsoft Exchange Server Spoofing Vulnerability

Medium

CVE-2022-41066

Microsoft Business Central Information Disclosure Vulnerability

Medium

CVE-2022-41064

.NET Framework Information Disclosure Vulnerability

High

CVE-2022-41063

Microsoft Excel Remote Code Execution Vulnerability

High

CVE-2022-41062

Microsoft SharePoint Server Remote Code Execution Vulnerability

Medium

CVE-2022-41060

Microsoft Word Information Disclosure Vulnerability

High

CVE-2022-41058

Windows Network Address Translation (NAT) Denial of Service Vulnerability

High

CVE-2022-41057

Windows HTTP.sys Elevation of Privilege Vulnerability

High

CVE-2022-41056

Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability

Medium

CVE-2022-41055

Windows Human Interface Device Information Disclosure Vulnerability

High

CVE-2022-41054

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

High

CVE-2022-41053

Windows Kerberos Denial of Service Vulnerability

High

CVE-2022-41052

Windows Graphics Component Remote Code Execution Vulnerability

High

CVE-2022-41051

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

High

CVE-2022-41050

Windows Extensible File Allocation Table Elevation of Privilege Vulnerability

Medium

CVE-2022-41049

Windows Mark of the Web Security Feature Bypass Vulnerability

High

CVE-2022-41048

Microsoft ODBC Driver Remote Code Execution Vulnerability

High

CVE-2022-41047

Microsoft ODBC Driver Remote Code Execution Vulnerability

High

CVE-2022-38023

Netlogon RPC Elevation of Privilege Vulnerability

Medium

CVE-2022-38015

Windows Hyper-V Denial of Service Vulnerability

High

CVE-2022-37992

Windows Group Policy Elevation of Privilege Vulnerability

High

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

High

CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

Medium

CVE-2022-23824

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

High

CVE-2020-12931

Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

High

CVE-2020-12930

Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

High

CVE-2022-41978

Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.

2022-11-07
Medium

CVE-2022-43351

Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.

High

CVE-2022-43319

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.

Critical

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.

2022-11-03
High

CVE-2022-3852

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. Th…

High

CVE-2022-3776

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or inco…

Medium

CVE-2022-2696

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missin…

2022-11-02
High

CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL v…

Medium

CVE-2022-39949

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate…

Medium

CVE-2022-38381

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may a…

Medium

CVE-2022-38380

An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the A…

Medium

CVE-2022-38372

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the devic…

Low

CVE-2022-30307

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in th…

2022-11-01
Medium

CVE-2022-3660

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (C…

Medium

CVE-2022-42824

A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web co…

Medium

CVE-2022-42790

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to v…

Medium

CVE-2022-42789

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive…
