Export limit exceeded: 364661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364661 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4750 | 1 Wp Responsive Testimonials Slider And Widget Project | 1 Wp Responsive Testimonials Slider And Widget | 2025-05-05 | 5.4 Medium |
| The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2022-4714 | 1 Wppool | 1 Wp Dark Mode | 2025-05-05 | 5.4 Medium |
| The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack | ||||
| CVE-2022-46908 | 1 Sqlite | 1 Sqlite | 2025-05-05 | 7.3 High |
| SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | ||||
| CVE-2022-44793 | 4 Debian, Net-snmp, Netapp and 1 more | 11 Debian Linux, Net-snmp, H300s and 8 more | 2025-05-05 | 6.5 Medium |
| handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | ||||
| CVE-2022-44792 | 4 Debian, Net-snmp, Netapp and 1 more | 11 Debian Linux, Net-snmp, H300s and 8 more | 2025-05-05 | 6.5 Medium |
| handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | ||||
| CVE-2022-43126 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php. | ||||
| CVE-2022-43125 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php. | ||||
| CVE-2022-43124 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | ||||
| CVE-2022-43086 | 1 Codeastro | 1 Restaurant Pos System | 2025-05-05 | 4.9 Medium |
| Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php. | ||||
| CVE-2022-43085 | 1 Codeastro | 1 Restaurant Pos System | 2025-05-05 | 7.2 High |
| An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-43084 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2025-05-05 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter. | ||||
| CVE-2022-43079 | 1 Train Scheduler App Project | 1 Train Scheduler App | 2025-05-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | ||||
| CVE-2022-43078 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-05-05 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter. | ||||
| CVE-2022-43076 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2025-05-05 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter. | ||||
| CVE-2022-42326 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2025-05-05 | 5.5 Medium |
| Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. | ||||
| CVE-2022-41723 | 2 Golang, Redhat | 22 Go, Hpack, Http2 and 19 more | 2025-05-05 | 7.5 High |
| A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | ||||
| CVE-2022-40742 | 1 Softnext | 1 Mail Sqr Expert | 2025-05-05 | 6.5 Medium |
| Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | ||||
| CVE-2022-3469 | 1 Marcomilesi | 1 Wp Attachments | 2025-05-05 | 4.8 Medium |
| The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | ||||
| CVE-2022-3373 | 1 Google | 1 Chrome | 2025-05-05 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-3204 | 3 Fedoraproject, Nlnetlabs, Redhat | 4 Fedora, Unbound, Enterprise Linux and 1 more | 2025-05-05 | 7.5 High |
| A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records. | ||||