Latest CVE Feed
-
6.5
MEDIUMCVE-2022-3882
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and a... Read more
Affected Products : wp-memory- Published: Dec. 12, 2022
- Modified: Apr. 22, 2025
-
8.8
HIGHCVE-2022-3359
The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain... Read more
Affected Products : shortcodes_and_extra_features_for_phlox_theme- Published: Dec. 12, 2022
- Modified: Apr. 22, 2025
-
5.5
MEDIUMCVE-2022-3104
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.... Read more
Affected Products : linux_kernel- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
6.1
MEDIUMCVE-2022-38628
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attacke... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-38488
logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter.... Read more
Affected Products : logrocket-oauth2-example- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
8.8
HIGHCVE-2022-37155
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.... Read more
Affected Products : spip- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-33239
Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6390_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware +458 more products- Published: Nov. 15, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-33237
Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6390_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware +466 more products- Published: Nov. 15, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-33236
Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking... Read more
Affected Products : qca6390_firmware qca6391_firmware qca6426_firmware qca6436_firmware sd_8_gen1_5g_firmware sd865_5g_firmware sd870_firmware wcd9380_firmware wcn6850_firmware wcn6851_firmware +146 more products- Published: Nov. 15, 2022
- Modified: Apr. 22, 2025
-
8.2
HIGHCVE-2022-33235
Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6390_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware +482 more products- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-33234
Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more
Affected Products : aqt1000_firmware qca6390_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +210 more products- Published: Nov. 15, 2022
- Modified: Apr. 22, 2025
-
7.5
HIGHCVE-2022-31703
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.... Read more
Affected Products : vrealize_log_insight- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-31702
vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.... Read more
Affected Products : vrealize_network_insight- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
5.3
MEDIUMCVE-2022-31701
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.... Read more
- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
7.2
HIGHCVE-2022-31700
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.... Read more
- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
3.3
LOWCVE-2022-31699
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
5.5
MEDIUMCVE-2022-31697
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can ... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
8.8
HIGHCVE-2022-31696
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
9.0
CRITICALCVE-2022-31358
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.... Read more
Affected Products : virtual_environment- Published: Dec. 14, 2022
- Modified: Apr. 22, 2025
-
6.5
MEDIUMCVE-2022-27581
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The pat... Read more
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025