Search

Search Results (363286 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42329 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-23 5.5 Medium
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
CVE-2022-42328 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-23 6.2 Medium
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
CVE-2022-41994 1 Basercms 1 Basercms 2025-04-23 4.8 Medium
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
CVE-2022-3858 1 Premio 1 Chaty 2025-04-23 7.2 High
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.
CVE-2022-3846 1 Amentotech 1 Workreap 2025-04-23 7.5 High
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.
CVE-2022-3838 1 Wpupper Share Buttons Project 1 Wpupper Share Buttons 2025-04-23 4.8 Medium
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-39099 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39098 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39097 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39096 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39095 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39094 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39093 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39092 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39091 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39090 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-25630 1 Symantec 1 Messaging Gateway 2025-04-23 5.4 Medium
An authenticated user can embed malicious content with XSS into the admin group policy page.
CVE-2022-25629 1 Symantec 1 Messaging Gateway 2025-04-23 5.4 Medium
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
CVE-2022-1540 1 Postmagthemes 1 Postmagthemes Demo Import 2025-04-23 7.2 High
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.
CVE-2020-6627 1 Seagate 6 Stcg2000300, Stcg2000300 Firmware, Stcg3000300 and 3 more 2025-04-23 9.8 Critical
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.