Export limit exceeded: 10541 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10541 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0920 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-11-21 | 7.5 High |
| The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data | ||||
| CVE-2022-0919 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-11-21 | 5.3 Medium |
| The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. | ||||
| CVE-2022-0905 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.1 High |
| Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | ||||
| CVE-2022-0885 | 1 Memberhero | 1 Member Hero | 2024-11-21 | 9.8 Critical |
| The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. | ||||
| CVE-2022-0871 | 1 Gogs | 1 Gogs | 2024-11-21 | 9.1 Critical |
| Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. | ||||
| CVE-2022-0860 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2024-11-21 | 9.1 Critical |
| Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | ||||
| CVE-2022-0837 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.4 Medium |
| The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification. | ||||
| CVE-2022-0833 | 1 Church Admin Project | 1 Church Admin | 2024-11-21 | 4.3 Medium |
| The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file generated by the plugin in order to disclose the final backup filename, which can then be fetched by the attacker to download the backup of the plugin's DB data | ||||
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.1 High |
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0825 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.4 Medium |
| The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | ||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0756 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 Medium |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | ||||
| CVE-2022-0755 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 Medium |
| Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. | ||||
| CVE-2022-0745 | 1 Likebtn | 1 Like Button Rating | 2024-11-21 | 6.5 Medium |
| The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body | ||||
| CVE-2022-0740 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | ||||
| CVE-2022-0727 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.4 Medium |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||
| CVE-2022-0726 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.4 Medium |
| Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||
| CVE-2022-0720 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.4 Medium |
| The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | ||||
| CVE-2022-0670 | 3 Fedoraproject, Linuxfoundation, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | 9.1 Critical |
| A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. | ||||
| CVE-2022-0634 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-11-21 | 4.3 Medium |
| The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker to trick a logged in user to perform the action by crafting a special request. | ||||