Export limit exceeded: 16563 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335267 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335267 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43342 | 1 Eramba | 1 Eramba | 2025-04-30 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field. | ||||
| CVE-2022-43323 | 1 Eyoucms | 1 Eyoucms | 2025-04-30 | 8.8 High |
| EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. | ||||
| CVE-2022-43264 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-30 | 7.5 High |
| Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. | ||||
| CVE-2022-43263 | 1 Guitar-pro | 1 Guitar Pro | 2025-04-30 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file. | ||||
| CVE-2022-43256 | 1 Seacms | 1 Seacms | 2025-04-30 | 9.8 Critical |
| SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | ||||
| CVE-2022-43234 | 1 Hoosk | 1 Hoosk | 2025-04-30 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-43135 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-04-30 | 9.8 Critical |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php. | ||||
| CVE-2022-42960 | 1 Equalweb | 1 Equalweb Accessibility Widget | 2025-04-30 | 5.4 Medium |
| EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. | ||||
| CVE-2022-40309 | 1 Apache | 1 Archiva | 2025-04-30 | 4.3 Medium |
| Users with write permissions to a repository can delete arbitrary directories. | ||||
| CVE-2022-40308 | 1 Apache | 1 Archiva | 2025-04-30 | 7.5 High |
| If anonymous read enabled, it's possible to read the database file directly without logging in. | ||||
| CVE-2022-3763 | 1 Booster | 1 Booster For Woocommerce | 2025-04-30 | 8.1 High |
| The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack | ||||
| CVE-2022-3762 | 1 Booster | 1 Booster For Woocommerce | 2025-04-30 | 6.5 Medium |
| The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite) | ||||
| CVE-2022-3753 | 1 Evaluate Project | 1 Evaluate | 2025-04-30 | 4.8 Medium |
| The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | ||||
| CVE-2022-3750 | 1 Inkthemes | 1 Ask Me | 2025-04-30 | 4.7 Medium |
| The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. | ||||
| CVE-2022-3720 | 1 Awplife | 1 Event Monster | 2025-04-30 | 7.2 High |
| The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users | ||||
| CVE-2022-3691 | 1 Fluenx | 1 Deepl Pro Api Translation | 2025-04-30 | 7.5 High |
| The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor. | ||||
| CVE-2022-3631 | 1 Digitialpixies | 1 Oauth Client | 2025-04-30 | 4.8 Medium |
| The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | ||||
| CVE-2022-3578 | 1 Metagauss | 1 Profilegrid | 2025-04-30 | 6.1 Medium |
| The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-3574 | 1 Wpforms | 1 Wpforms Pro | 2025-04-30 | 9.8 Critical |
| The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. | ||||
| CVE-2022-3539 | 1 Themepoints | 2 Testimonials, Testimonials Pro | 2025-04-30 | 4.8 Medium |
| The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||