Export limit exceeded: 328764 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search Results (328764 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43143 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2025-04-29 | 9.6 Critical |
| A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container. | ||||
| CVE-2022-43117 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-04-29 | 5.4 Medium |
| Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters. | ||||
| CVE-2022-42891 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2025-04-29 | 7.5 High |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application pool. | ||||
| CVE-2022-42734 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2025-04-29 | 7.5 High |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow data to be written to any folder accessible to the account assigned to the website’s application pool. | ||||
| CVE-2022-42733 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2025-04-29 | 7.5 High |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website’s application pool. | ||||
| CVE-2022-42096 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | ||||
| CVE-2022-40470 | 1 Phpgurukul | 1 Blood Donor Management System | 2025-04-29 | 4.8 Medium |
| Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. | ||||
| CVE-2022-3561 | 1 Librenms | 1 Librenms | 2025-04-29 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | ||||
| CVE-2022-37197 | 1 Iobit | 1 Iotransfer | 2025-04-29 | 7.8 High |
| IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. | ||||
| CVE-2022-36786 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2025-04-29 | 9.9 Critical |
| DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | ||||
| CVE-2022-34827 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2025-04-29 | 8.8 High |
| Carel Boss Mini 1.5.0 has Improper Access Control. | ||||
| CVE-2021-31739 | 1 Seppmail | 1 Seppmail | 2025-04-29 | 6.1 Medium |
| The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address. | ||||
| CVE-2021-22141 | 1 Elastic | 1 Kibana | 2025-04-29 | 6.1 Medium |
| An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website. | ||||
| CVE-2022-3480 | 1 Phoenixcontact | 62 Fl Mguard Centerport, Fl Mguard Centerport Firmware, Fl Mguard Centerport Vpn-1000 and 59 more | 2025-04-29 | 7.5 High |
| A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IPs. Configuring firewall limits for incoming connections cannot prevent the issue. | ||||
| CVE-2022-3461 | 1 Phoenixcontact | 1 Automationworx Software Suite | 2025-04-29 | 7.8 High |
| In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. | ||||
| CVE-2022-3893 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 2.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. | ||||
| CVE-2024-13207 | 1 Patelmilap | 1 Widget For Social Page Feeds | 2025-04-29 | 4.8 Medium |
| The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3958 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. | ||||
| CVE-2022-41611 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 2.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. | ||||
| CVE-2022-41789 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. | ||||