Export limit exceeded: 333924 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333924 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44843 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-29 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | ||||
| CVE-2022-44725 | 1 Opcfoundation | 1 Local Discovery Server | 2025-04-29 | 7.8 High |
| OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | ||||
| CVE-2022-44411 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2025-04-29 | 7.5 High |
| Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. | ||||
| CVE-2022-44403 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. | ||||
| CVE-2022-44402 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. | ||||
| CVE-2022-44384 | 1 Rconfig | 1 Rconfig | 2025-04-29 | 8.8 High |
| An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-44262 | 1 Ff4j | 1 Ff4j | 2025-04-29 | 9.8 Critical |
| ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). | ||||
| CVE-2022-44001 | 1 Backclick | 1 Backclick | 2025-04-29 | 9.8 Critical |
| An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | ||||
| CVE-2022-43984 | 1 Spatie | 1 Browsershot | 2025-04-29 | 8.2 High |
| Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does not contain URLs that use the file:// protocol. | ||||
| CVE-2022-43983 | 1 Spatie | 1 Browsershot | 2025-04-29 | 8.2 High |
| Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol. | ||||
| CVE-2022-43708 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name | ||||
| CVE-2022-43707 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data | ||||
| CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2025-04-29 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | ||||
| CVE-2022-42097 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | ||||
| CVE-2022-42094 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | ||||
| CVE-2022-41712 | 1 Frappe | 1 Frappe | 2025-04-29 | 6.5 Medium |
| Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | ||||
| CVE-2022-41706 | 1 Spatie | 1 Browsershot | 2025-04-29 | 8.2 High |
| Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method. | ||||
| CVE-2022-41705 | 1 Uatech | 1 Badaso | 2025-04-29 | 9.8 Critical |
| Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | ||||
| CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. | ||||
| CVE-2022-40282 | 1 Belden | 2 Hirschmann Bat-c2, Hirschmann Bat-c2 Firmware | 2025-04-29 | 8.8 High |
| The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21. | ||||