Export limit exceeded: 10071 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13672 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44262 | 1 Ff4j | 1 Ff4j | 2025-04-29 | 9.8 Critical |
| ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). | ||||
| CVE-2022-44001 | 1 Backclick | 1 Backclick | 2025-04-29 | 9.8 Critical |
| An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | ||||
| CVE-2022-43984 | 1 Spatie | 1 Browsershot | 2025-04-29 | 8.2 High |
| Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. | ||||
| CVE-2022-43983 | 1 Spatie | 1 Browsershot | 2025-04-29 | 8.2 High |
| Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol. | ||||
| CVE-2022-43708 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name | ||||
| CVE-2022-43707 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data | ||||
| CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2025-04-29 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | ||||
| CVE-2022-42097 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | ||||
| CVE-2022-42094 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | ||||
| CVE-2022-41712 | 1 Frappe | 1 Frappe | 2025-04-29 | 6.5 Medium |
| Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | ||||
| CVE-2022-41706 | 1 Spatie | 1 Browsershot | 2025-04-29 | 8.2 High |
| Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. | ||||
| CVE-2022-41705 | 1 Uatech | 1 Badaso | 2025-04-29 | 9.8 Critical |
| Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | ||||
| CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. | ||||
| CVE-2022-40282 | 1 Belden | 2 Hirschmann Bat-c2, Hirschmann Bat-c2 Firmware | 2025-04-29 | 8.8 High |
| The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21. | ||||
| CVE-2022-38166 | 3 Apple, F-secure, Microsoft | 3 Macos, Elements Endpoint Protection, Windows | 2025-04-29 | 7.5 High |
| In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11-22_07, the aerdl.dll unpacker handler crashes. This can lead to a scanning engine crash, triggerable remotely by an attacker for denial of service. | ||||
| CVE-2022-31694 | 1 Installbuilder | 1 Installbuilder | 2025-04-29 | 7.3 High |
| InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL. | ||||
| CVE-2022-30256 | 1 Maradns | 1 Maradns | 2025-04-29 | 7.5 High |
| An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names. | ||||
| CVE-2021-37936 | 1 Elastic | 1 Kibana | 2025-04-29 | 5.4 Medium |
| It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user. | ||||
| CVE-2025-2046 | 1 Mayurik | 1 Best Employee Management System | 2025-04-29 | 6.3 Medium |
| A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/print1.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25774 | 1 Open5gs | 1 Open5gs | 2025-04-29 | 6.5 Medium |
| An issue was discovered in Open5GS v2.7.2. When a UE switches between two gNBs and sends a handover request at a specific time, it may cause an exception in the AMF's internal state machine, leading to an AMF crash and resulting in a Denial of Service (DoS). | ||||