Export limit exceeded: 333432 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333432 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34317 | 1 Ibm | 1 Cics Tx | 2025-04-29 | 5.4 Medium |
| IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229459. | ||||
| CVE-2025-3338 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-29 | 7.3 High |
| A vulnerability classified as critical has been found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/user_save.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-3339 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-29 | 7.3 High |
| A vulnerability classified as critical was found in codeprojects Online Restaurant Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user_update.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3340 | 1 Code-projects | 1 Online Restaurant Management System | 2025-04-29 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/combo_update.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-28764 | 1 Zoom | 3 Meetings, Rooms, Vdi Windows Meeting Clients | 2025-04-29 | 3.3 Low |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. | ||||
| CVE-2022-34665 | 3 Linux, Microsoft, Nvidia | 8 Linux Kernel, Windows, Cloud Gaming Guest and 5 more | 2025-04-29 | 6.5 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | ||||
| CVE-2022-4055 | 2 Freedesktop, Redhat | 2 Xdg-utils, Enterprise Linux | 2025-04-29 | 7.4 High |
| When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked. | ||||
| CVE-2022-45474 | 1 Drachtio | 1 Drachtio-server | 2025-04-29 | 9.8 Critical |
| drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. | ||||
| CVE-2022-44820 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. | ||||
| CVE-2022-44641 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2025-04-29 | 6.5 Medium |
| In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | ||||
| CVE-2022-44415 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. | ||||
| CVE-2022-44414 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. | ||||
| CVE-2022-44413 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. | ||||
| CVE-2022-44379 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service. | ||||
| CVE-2022-38395 | 1 Hp | 2 Fusion, Support Assistant | 2025-04-29 | 7.8 High |
| HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up. | ||||
| CVE-2022-2794 | 1 Hp | 26 Pagewide 352dw J6u57a, Pagewide 352dw J6u57a Firmware, Pagewide 377dw J9v80a and 23 more | 2025-04-29 | 7.5 High |
| Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. | ||||
| CVE-2022-41814 | 1 Hallowelt | 1 Bluespice | 2025-04-29 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. | ||||
| CVE-2025-3729 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-29 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11924 | 1 Icegram | 1 Icegram Express | 2025-04-29 | 3.5 Low |
| The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1523 | 1 Davidvongries | 1 Ultimate Dashboard | 2025-04-29 | 3.5 Low |
| The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||