Export limit exceeded: 364883 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3909 | 1 Add Comments Project | 1 Add Comments | 2025-04-24 | 4.8 Medium |
| The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3892 | 1 Wp-oauth | 1 Wp Oauth Server | 2025-04-24 | 4.8 Medium |
| The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3856 | 1 Inksplat | 1 Comic Book Management System | 2025-04-24 | 7.2 High |
| The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. | ||||
| CVE-2022-3837 | 1 Wpmanage | 1 Uji Countdown | 2025-04-24 | 4.8 Medium |
| The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3830 | 1 Themeum | 1 Wp Page Builder | 2025-04-24 | 4.8 Medium |
| The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3694 | 1 Syncee | 1 Syncee - Global Dropshipping | 2025-04-24 | 7.5 High |
| The Syncee WordPress plugin before 1.0.10 leaks the administrator token that can be used to take over the administrator's account. | ||||
| CVE-2022-3677 | 1 Addonspress | 1 Advanced Import | 2025-04-24 | 6.5 Medium |
| The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacks | ||||
| CVE-2022-3426 | 1 Advanced Wp Columns Project | 1 Advanced Wp Columns | 2025-04-24 | 4.8 Medium |
| The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-39134 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 4.7 Medium |
| In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39133 | 2 Google, Unisoc | 14 Android, S8022, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | ||||
| CVE-2022-39132 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39131 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39130 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39129 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39106 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. | ||||
| CVE-2022-39102 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39101 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-39100 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-35259 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 7.8 High |
| XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. | ||||
| CVE-2022-27773 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 9.8 Critical |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | ||||