Total: 4618 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-1521 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. |
CVE-2022-1511 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. |
CVE-2022-1423 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 7.1 HIGH | Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches. |
CVE-2022-1384 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.0 MEDIUM | 4.7 MEDIUM | Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities. |
CVE-2022-1329 | 1 Elementor | 1 Website Builder | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2. |
CVE-2022-1054 | 1 Wpchill | 1 Rsvp And Event Management | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of users registered for events. |
CVE-2022-1020 | 1 Codeastrology | 1 Woo Product Table | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), and also does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user-controlled argument. |
CVE-2022-0932 | 1 Saleor | 1 Saleor | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2. |
CVE-2022-0919 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | The Salon Booking System Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated user to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked. |
CVE-2022-0905 | 1 Gitea | 1 Gitea | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH | Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. |
CVE-2022-0871 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL | Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. |
CVE-2022-0756 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. |
CVE-2022-0755 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. |
CVE-2022-0745 | 1 Likebtn | 1 Like Button Rating | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as a subscriber, to send arbitrary e-mails to any recipient, with any subject and body. |
CVE-2022-0726 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. |
CVE-2022-0611 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. |
CVE-2022-0588 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH | Missing Authorization in Packagist librenms/librenms prior to 22.2.0. |
CVE-2022-0579 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. |
CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 30 Ubuntu Linux, Debian Linux, Fedora and 27 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH | A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass namespace isolation unexpectedly. |
CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM | Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed project non-members to retrieve issue details when the issue was linked to an item from the vulnerability dashboard. |