Skip to main content
CVE-2022-1120 MEDIUM This Month

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-23697 MEDIUM This Month

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oneview
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24814 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Directus
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-26616 MEDIUM This Month

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-27609 MEDIUM This Month

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft One Endpoint
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-27608 MEDIUM This Month

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft One Endpoint
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-23700 MEDIUM This Month

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25613 MEDIUM This Month

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1190 MEDIUM This Month

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
87.4%
CVE-2022-1188 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-1121 MEDIUM This Month

A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-24813 MEDIUM PATCH This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Createwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-25618 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wpdatatables Lite
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1189 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1105 MEDIUM This Month

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1100 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-1099 MEDIUM This Month

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-0740 MEDIUM This Month

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-1111 LOW Monitor

A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy