Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40770 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-04-28 | 7.2 High |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. | ||||
| CVE-2022-40304 | 4 Apple, Netapp, Redhat and 1 more | 25 Ipados, Iphone Os, Macos and 22 more | 2025-04-28 | 7.8 High |
| An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | ||||
| CVE-2022-35501 | 1 Amasty | 1 Blog Pro | 2025-04-28 | 5.4 Medium |
| Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. | ||||
| CVE-2022-35500 | 1 Amasty | 1 Blog Pro | 2025-04-28 | 5.4 Medium |
| Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. | ||||
| CVE-2022-42000 | 1 Hallowelt | 1 Bluespice | 2025-04-28 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | ||||
| CVE-2022-4067 | 1 Librenms | 1 Librenms | 2025-04-28 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | ||||
| CVE-2022-45939 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Emacs and 2 more | 2025-04-28 | 7.8 High |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
| CVE-2022-45921 | 1 Fusionauth | 1 Fusionauth | 2025-04-28 | 7.5 High |
| FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | ||||
| CVE-2022-45224 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-28 | 4.8 Medium |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | ||||
| CVE-2022-45223 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-04-28 | 4.8 Medium |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter. | ||||
| CVE-2022-44651 | 1 Trendmicro | 1 Apex One | 2025-04-28 | 7 High |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-41446 | 1 Record Management System Project | 1 Record Management System | 2025-04-28 | 5.4 Medium |
| An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. | ||||
| CVE-2022-3601 | 1 Image Hover Effects Css3 Project | 1 Image Hover Effects Css3 | 2025-04-28 | 4.8 Medium |
| The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-39179 | 1 College Management System Project | 1 College Management System | 2025-04-28 | 7.2 High |
| College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that is mentioned in my other report) can upload a .php file that contains malicious code via the student.php file. | ||||
| CVE-2022-39178 | 1 Webvendome Project | 1 Webvendome | 2025-04-28 | 5.3 Medium |
| Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. | ||||
| CVE-2022-30529 | 1 Isic.lk Project | 1 Isic.lk | 2025-04-28 | 7.2 High |
| File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php. | ||||
| CVE-2022-22488 | 1 Ibm | 6 Power System Ac922 (8335-gtg), Power System Ac922 (8335-gtg) Firmware, Power System Ac922 (8335-gth) and 3 more | 2025-04-28 | 4.9 Medium |
| IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337. | ||||
| CVE-2022-45471 | 1 Jetbrains | 1 Hub | 2025-04-28 | 3.5 Low |
| In JetBrains Hub before 2022.3.15181, throttling was missed when sending emails to a particular email address. | ||||
| CVE-2025-29018 | 1 Codeastro | 1 Internet Banking System | 2025-04-28 | 4.8 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. | ||||
| CVE-2024-46085 | 1 Frogcms Project | 1 Frogcms | 2025-04-28 | 8.8 High |
| FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename | ||||