Total
2382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0633 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 6.5 Medium |
| The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup. | ||||
| CVE-2022-0594 | 1 Shareaholic | 1 Shareaholic | 2024-11-21 | 5.3 Medium |
| The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | ||||
| CVE-2022-0580 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.1 High |
| Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0577 | 2 Debian, Scrapy | 2 Debian Linux, Scrapy | 2024-11-21 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. | ||||
| CVE-2022-0574 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
| Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | ||||
| CVE-2022-0482 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.1 Critical |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | ||||
| CVE-2022-0406 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.3 Medium |
| Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
| CVE-2022-0334 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. | ||||
| CVE-2022-0333 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.8 Low |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. | ||||
| CVE-2022-0309 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||
| CVE-2022-0273 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2022-0117 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-4334 | 1 Radykal | 1 Fancy Product Designer | 2024-11-21 | 8.8 High |
| The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. | ||||
| CVE-2021-4194 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 6.5 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-4133 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Rhosemc | 2024-11-21 | 8.8 High |
| A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | ||||
| CVE-2021-4026 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.3 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-46891 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-46890 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-46561 | 1 Mitre | 1 Cve Services | 2024-11-21 | 7.2 High |
| controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization. | ||||
| CVE-2021-45471 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.3 Medium |
| In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | ||||