Latest CVE Feed
-
8.2
HIGH CVE-2022-0736
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1....
Affected Products: mlflow
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration...
Affected Products: gitlab
- Published: Mar. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-0734
A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firm...
Affected Products: usg210_firmware usg310_firmware usg2200_firmware usg_20w_firmware usg_40_firmware usg_40w_firmware usg_60_firmware usg_60w_firmware usg_110_firmware usg_2200-vpn_firmware +54 more products
- Published: May. 24, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability....
Affected Products: copy9 exactspy fonetracker guestspy ispyoo mxspy secondclone the_truth_spy thespyapp
- Published: Feb. 24, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-0731
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0....
Affected Products: dolibarr_erp\/crm
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0730
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types....
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2022-0729
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440....
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2022-0728
The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Affected Products: easy_smooth_scroll_links
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-0727
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0....
Affected Products: peertube
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-0726
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0....
Affected Products: peertube
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-0725
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs....
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2022-0724
Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3....
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGH CVE-2022-0723
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11....
- Published: Feb. 26, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-0722
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0....
Affected Products: parse-url
- Published: Jun. 27, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2022-0721
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3....
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-0720
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number ...
Affected Products: amelia
- Published: Mar. 28, 2022
- Modified: Nov. 21, 2024
-
7.6
HIGH CVE-2022-0719
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3....
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
4.9
MEDIUM CVE-2022-0718
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext....
- Published: Aug. 29, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2022-0717
Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2....
Affected Products: mruby
- Published: Feb. 23, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICAL CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series I...
Affected Products: smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_18_ups_firmware smt_series_1040_ups_firmware +56 more products
- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024