Export limit exceeded: 17830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11480 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1553 | 1 Publify Project | 1 Publify | 2024-11-21 | 4.9 Medium |
| Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | ||||
| CVE-2022-1426 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed an user to authenticate without a personal access token. | ||||
| CVE-2022-1349 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 4.3 Medium |
| The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user. | ||||
| CVE-2022-1227 | 4 Fedoraproject, Podman Project, Psgo Project and 1 more | 19 Fedora, Podman, Psgo and 16 more | 2024-11-21 | 8.8 High |
| A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | ||||
| CVE-2022-1224 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | ||||
| CVE-2022-1065 | 1 Abacus | 5 Abacus Erp 2018, Abacus Erp 2019, Abacus Erp 2020 and 2 more | 2024-11-21 | 8.1 High |
| A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 version and prior versions and prior versions. | ||||
| CVE-2022-1049 | 3 Clusterlabs, Debian, Redhat | 3 Pcs, Debian Linux, Enterprise Linux | 2024-11-21 | 8.8 High |
| A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. | ||||
| CVE-2022-1025 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 8.8 High |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | ||||
| CVE-2022-0985 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | ||||
| CVE-2022-0916 | 1 Logitech | 1 Options | 2024-11-21 | 8.4 High |
| An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | ||||
| CVE-2022-0910 | 1 Zyxel | 64 Atp100, Atp100 Firmware, Atp100w and 61 more | 2024-11-21 | 6.5 Medium |
| A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. | ||||
| CVE-2022-0862 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.1 Low |
| A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user. | ||||
| CVE-2022-0860 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2024-11-21 | 9.1 Critical |
| Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | ||||
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.1 High |
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0821 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0732 | 1 1byte | 9 Copy9, Exactspy, Fonetracker and 6 more | 2024-11-21 | 7.5 High |
| The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | ||||
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 Medium |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0730 | 3 Cacti, Debian, Fedoraproject | 3 Cacti, Debian Linux, Fedora | 2024-11-21 | 9.8 Critical |
| Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | ||||
| CVE-2022-0727 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.4 Medium |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||