Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363643 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42803 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | 7 High |
| A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-42801 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-22 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-42800 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-22 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2022-3999 | 1 Dpdgroup | 1 Woocommerce Shipping | 2025-04-22 | 8.1 High |
| The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable. | ||||
| CVE-2022-3989 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2025-04-22 | 8.8 High |
| The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the uploaded payload. | ||||
| CVE-2022-3982 | 1 Wpdevart | 1 Booking Calendar | 2025-04-22 | 9.8 Critical |
| The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE | ||||
| CVE-2022-3981 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-04-22 | 8.8 High |
| The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber | ||||
| CVE-2022-3935 | 1 Welcart | 1 Welcart E-commerce | 2025-04-22 | 5.4 Medium |
| The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-3934 | 1 Mehanoid | 1 Flat Pm | 2025-04-22 | 5.4 Medium |
| The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2022-3933 | 1 G5theme | 1 Essential Real Estate | 2025-04-22 | 5.4 Medium |
| The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. | ||||
| CVE-2022-3925 | 1 Buddybadges Project | 1 Buddybadges | 2025-04-22 | 7.2 High |
| The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users | ||||
| CVE-2022-3921 | 1 Themographics | 1 Listingo | 2025-04-22 | 9.8 Critical |
| The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE | ||||
| CVE-2022-3919 | 1 Automattic | 1 Jetpack Crm | 2025-04-22 | 4.8 Medium |
| The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-3900 | 1 Boxystudio | 1 Cooked | 2025-04-22 | 9.8 Critical |
| The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. | ||||
| CVE-2022-3862 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-04-22 | 4.8 Medium |
| The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3853 | 1 Supra-csv-parser Project | 1 Supra-csv-parser | 2025-04-22 | 5.4 Medium |
| Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. | ||||
| CVE-2022-3609 | 1 Getyourguide Ticketing Project | 1 Getyourguide Ticketing | 2025-04-22 | 4.8 Medium |
| The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3605 | 1 Wp Csv Exporter Project | 1 Wp Csv Exporter | 2025-04-22 | 7.8 High |
| The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability. | ||||
| CVE-2022-3510 | 2 Google, Redhat | 5 Protobuf-java, Protobuf-javalite, Jboss Enterprise Bpms Platform and 2 more | 2025-04-22 | 7.5 High |
| A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | ||||
| CVE-2022-3509 | 2 Google, Redhat | 5 Protobuf-java, Protobuf-javalite, Jboss Enterprise Bpms Platform and 2 more | 2025-04-22 | 7.5 High |
| A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | ||||