Search Results (328243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44959 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2022-44957 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2022-44956 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 5.4 Medium |
| webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2022-44291 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 9.8 Critical |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | ||||
| CVE-2022-44290 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | 9.8 Critical |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | ||||
| CVE-2022-44277 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product. | ||||
| CVE-2022-44136 | 1 Tribalsystems | 1 Zenario | 2025-04-24 | 9.8 Critical |
| Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution (RCE). | ||||
| CVE-2022-44097 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-24 | 9.8 Critical |
| Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | ||||
| CVE-2022-40849 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-24 | 5.4 Medium |
| ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's PHP session token (PHPSESSID). | ||||
| CVE-2022-40489 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-24 | 8.8 High |
| ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. | ||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | 8.8 High |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2022-37017 | 1 Broadcom | 1 Symantec Endpoint Protection | 2025-04-24 | 7.5 High |
| Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. | ||||
| CVE-2022-37016 | 1 Broadcom | 1 Symantec Endpoint Protection | 2025-04-24 | 9.8 Critical |
| Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2024-32752 | 1 Johnsoncontrols | 2 Icu, Software House Istar Pro Door Controller | 2025-04-24 | 9.1 Critical |
| The iSTAR door controllers running firmware prior to version 6.6.B do not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access. | ||||
| CVE-2023-39810 | 1 Busybox | 1 Busybox | 2025-04-24 | 7.8 High |
| An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | ||||
| CVE-2022-45797 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-04-24 | 7.1 High |
| An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-45640 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-24 | 7.5 High |
| Tenda AC6V1.0 V15.03.05.19 is affected by a buffer overflow that causes a denial of service (local). | ||||
| CVE-2022-45337 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2025-04-24 | 7.5 High |
| Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. | ||||
| CVE-2022-45332 | 1 Gnu | 1 Libredwg | 2025-04-24 | 7.8 High |
| LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. | ||||
| CVE-2022-45328 | 1 Church Management System Project | 1 Church Management System | 2025-04-24 | 7.2 High |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. | ||||