Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0549 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 3.5 LOW | 6.5 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI. | |||||
CVE-2022-0680 | 1 Plezi | 1 Plezi | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue | |||||
CVE-2022-0488 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. | |||||
CVE-2022-28135 | 1 Jenkins | 1 Instant-messaging | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-0427 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 6.8 MEDIUM | 8.8 HIGH |
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover | |||||
CVE-2022-0720 | 1 Tms-outsource | 1 Amelia | 2022-04-04 | 5.5 MEDIUM | 5.4 MEDIUM |
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | |||||
CVE-2022-0371 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. | |||||
CVE-2018-25030 | 1 Mirmay | 2 File Manager, Secure Private Browser | 2022-04-04 | 1.9 LOW | 2.5 LOW |
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. The affected component is the Auto Lock feature. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-0397 | 1 Wpclever | 1 Wpc Smart Wishlist For Woocommerce | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting | |||||
CVE-2021-25068 | 1 Dpl | 1 Sync Woocommerce Product Feed To Google Shopping | 2022-04-04 | 6.5 MEDIUM | 7.2 HIGH |
The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard | |||||
CVE-2021-25071 | 1 Inpsyde | 1 Akismet Privacy Policies | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Akismet Privacy Policies WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2021-25070 | 1 Stopbadbots | 1 Block And Stop Bad Bots | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue | |||||
CVE-2022-28152 | 1 Jenkins | 1 Job And Node Ownership | 2022-04-04 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. | |||||
CVE-2022-28151 | 1 Jenkins | 1 Job And Node Ownership | 2022-04-04 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | |||||
CVE-2021-42970 | 1 Cxuu | 1 Cxuucms | 2022-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl field of the content parameter submitted to /feedback/post/. | |||||
CVE-2022-28154 | 1 Jenkins | 1 Coverage/Complexity Scatter Plot | 2022-04-04 | 5.5 MEDIUM | 8.1 HIGH |
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-28153 | 1 Jenkins | 1 Sitemonitor | 2022-04-04 | 3.5 LOW | 5.4 MEDIUM |
Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2022-28155 | 1 Jenkins | 1 Pipeline: Phoenix AutoTest | 2022-04-04 | 5.5 MEDIUM | 8.1 HIGH |
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2022-28157 | 1 Jenkins | 1 Pipeline: Phoenix AutoTest | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | |||||
CVE-2022-28156 | 1 Jenkins | 1 Pipeline: Phoenix AutoTest | 2022-04-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. |
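Two of the rows above (CVE-2021-25070, a User-Agent written into a log table, and CVE-2021-25068, a `feed_id` POST parameter used in a statement) describe the same defect: request data interpolated into SQL text. The following is an added illustration written for this listing, not code from either plugin; the `bot_log` table, its `blocked` column and both User-Agent strings are constructed for the example (SQLite stands in for the real database). It shows that even a single INSERT with no stacked queries lets the client rewrite the row being stored, and that a bound parameter removes the problem.

```python
import sqlite3

# Constructed sample inputs for this example (not real captured headers).
# A User-Agent that closes the string literal, supplies its own value for the
# second column and comments out the rest of the statement.
FLIP_FLAG_UA = "curl/7.0', 0) -- "
# A User-Agent that smuggles a subquery into the value that gets stored.
EXFIL_UA = "' || (SELECT count(*) FROM sqlite_master) || '"


def fresh_db():
    """In-memory stand-in for a plugin's log table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bot_log ("
        "id INTEGER PRIMARY KEY, ua TEXT NOT NULL, blocked INTEGER NOT NULL)"
    )
    return conn


def _last_row(conn):
    return conn.execute(
        "SELECT ua, blocked FROM bot_log ORDER BY id DESC LIMIT 1"
    ).fetchone()


def log_request_unsafe(conn, user_agent):
    """Vulnerable pattern: the header is interpolated into the SQL text."""
    sql = f"INSERT INTO bot_log (ua, blocked) VALUES ('{user_agent}', 1)"
    conn.execute(sql)
    return _last_row(conn)


def log_request_safe(conn, user_agent):
    """Hardened: the header travels as a bound parameter, never as SQL."""
    conn.execute(
        "INSERT INTO bot_log (ua, blocked) VALUES (?, 1)", (user_agent,)
    )
    return _last_row(conn)


if __name__ == "__main__":
    # The attacker-controlled header flips the flag the server meant to set.
    print(log_request_unsafe(fresh_db(), FLIP_FLAG_UA))  # ('curl/7.0', 0)
    # The subquery result (number of schema objects) lands in the stored value.
    print(log_request_unsafe(fresh_db(), EXFIL_UA))      # ('1', 1)
    # With a bound parameter the whole header is stored as an opaque string.
    print(log_request_safe(fresh_db(), FLIP_FLAG_UA))    # ("curl/7.0', 0) -- ", 1)
```

The second payload matters for logging code in particular: a logging path is usually write-only from the application's point of view, but an injected subquery turns it into a read channel whose output is later displayed in the admin dashboard.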
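Several rows are output-encoding failures in different HTML contexts: an unescaped option displayed in an admin panel (CVE-2022-0680), a parameter reflected into a response (CVE-2022-0397, CVE-2021-25071, CVE-2021-42970), and a configured site URL placed in a tooltip (CVE-2022-28153). This added example, written for this listing and not taken from any of the listed products, shows the vulnerable rendering next to the hardened one for element content, a quoted attribute, and an `href` value. The payload strings and the `render_*` function names are constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed payloads for this example, one per output context.
TEXT_PAYLOAD = "<script>alert(document.cookie)</script>"      # element content
ATTR_PAYLOAD = 'http://example.test/" onmouseover="alert(1)'   # quoted attribute
SCHEME_PAYLOAD = "javascript:alert(1)"                          # href value


def render_option_unsafe(value):
    """Vulnerable: a stored option echoed into the admin page verbatim."""
    return f"<td>{value}</td>"


def render_option_safe(value):
    """Hardened: escape for element-content context."""
    return f"<td>{html.escape(value)}</td>"


def render_site_link_unsafe(url):
    """Vulnerable: a configured URL placed in href and title without escaping."""
    return f'<a href="{url}" title="{url}">site</a>'


def safe_href(url):
    """Allow only http(s) URLs in href; anything else becomes an inert '#'.

    Escaping alone does not help here: 'javascript:' contains no HTML
    metacharacters, so the scheme must be checked before the URL is used.
    """
    scheme = urlsplit(url.strip()).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_site_link_safe(url):
    """Hardened: scheme allow-list, then attribute-context escaping (quote=True)."""
    u = html.escape(safe_href(url), quote=True)
    return f'<a href="{u}" title="{u}">site</a>'


if __name__ == "__main__":
    print(render_option_unsafe(TEXT_PAYLOAD))
    print(render_option_safe(TEXT_PAYLOAD))
    print(render_site_link_unsafe(ATTR_PAYLOAD))
    print(render_site_link_safe(ATTR_PAYLOAD))
    print(render_site_link_safe(SCHEME_PAYLOAD))
```

Note the `quote=True` argument: `html.escape` without it leaves `"` intact, which is harmless in element content but lets an attacker break out of a quoted attribute such as the tooltip `title` above.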
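CVE-2022-28154 and CVE-2022-28155 are both "XML parser not configured to prevent XXE". The following added example, written for this listing and not taken from either Jenkins plugin, demonstrates what that configuration gap means with Python's standard parser: a parser that honours the DTD expands entities declared in it, and the hardening is to refuse any DOCTYPE from untrusted input before the parser sees it. All three XML documents are constructed for the example; the internal-entity document is parsed to show that DTD processing is on, while the external-entity payload is only ever fed to the hardened path.

```python
import re
import xml.etree.ElementTree as ET

# Constructed documents for this example.
# 1) An internal entity: shows the default parser expands DTD-declared entities.
INTERNAL_ENTITY_DOC = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE report [<!ENTITY e "expanded-by-parser">]>'
    "<report>&e;</report>"
)
# 2) A classic XXE payload: an external entity pointing at a local file.
XXE_DOC = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE report [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    "<report>&xxe;</report>"
)
CLEAN_DOC = "<report>ok</report>"

# XML keywords are case-sensitive, so a literal match is sufficient.
_DOCTYPE = re.compile(r"<!DOCTYPE")


class DTDRejected(ValueError):
    """Raised when untrusted XML carries a DOCTYPE (and so can declare entities)."""


def parse_unsafe(xml_text):
    """Vulnerable pattern: hand untrusted XML to a parser that honours the DTD."""
    return ET.fromstring(xml_text)


def parse_untrusted(xml_text):
    """Hardened: refuse any DOCTYPE before the parser ever sees it."""
    if _DOCTYPE.search(xml_text):
        raise DTDRejected("DOCTYPE declarations are not accepted from untrusted input")
    return ET.fromstring(xml_text)


def is_rejected(xml_text):
    """True when parse_untrusted refuses the document."""
    try:
        parse_untrusted(xml_text)
    except DTDRejected:
        return True
    return False


if __name__ == "__main__":
    # The default parser expands the DTD-declared entity into the element text.
    print(parse_unsafe(INTERNAL_ENTITY_DOC).text)   # expanded-by-parser
    # The hardened path rejects both DTD-bearing documents and accepts the clean one.
    print(is_rejected(XXE_DOC), is_rejected(INTERNAL_ENTITY_DOC))  # True True
    print(parse_untrusted(CLEAN_DOC).text)          # ok
```

Rejecting the DOCTYPE outright is the simplest robust fix because it removes entity declarations entirely, which also closes the entity-expansion (billion laughs) variant. In Java code such as Jenkins plugins the equivalent is enabling the parser feature `http://apache.org/xml/features/disallow-doctype-decl` on the factory; in Python, the `defusedxml` package applies the same policy to the standard library parsers.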