Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366284 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34651 | 1 Scribblemaps | 1 Scribble Maps | 2025-05-05 | 6.1 Medium |
| The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | ||||
| CVE-2021-34656 | 1 Videowhisper | 1 2way Videocalls And Random Chat | 2025-05-05 | 6.1 Medium |
| The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | ||||
| CVE-2021-34657 | 1 Typofr Project | 1 Typofr | 2025-05-05 | 6.1 Medium |
| The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11. | ||||
| CVE-2021-34666 | 1 Add Sidebar Project | 1 Add Sidebar | 2025-05-05 | 6.1 Medium |
| The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0. | ||||
| CVE-2021-34667 | 1 Calendar Plugin Project | 1 Calendar Plugin | 2025-05-05 | 6.1 Medium |
| The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2021-34641 | 1 Seopress | 1 Seopress | 2025-05-05 | 6.4 Medium |
| The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3. | ||||
| CVE-2022-43351 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 6.5 Medium |
| Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | ||||
| CVE-2022-43350 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 7.2 High |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | ||||
| CVE-2022-43319 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2025-05-05 | 7.5 High |
| An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. | ||||
| CVE-2022-43306 | 1 Democritus | 1 D8s-timer | 2025-05-05 | 8.8 High |
| The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-43305 | 1 Democritus | 1 D8s-python | 2025-05-05 | 9.8 Critical |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-43304 | 1 Democritus | 1 D8s-timer | 2025-05-05 | 9.8 Critical |
| The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-43303 | 1 Democritus | 1 D8s-strings | 2025-05-05 | 9.8 Critical |
| The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-43052 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete. | ||||
| CVE-2022-43051 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test. | ||||
| CVE-2022-43050 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-05 | 7.2 High |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-43049 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-05 | 7.2 High |
| Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php. | ||||
| CVE-2022-43046 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-05-05 | 4.8 Medium |
| Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. | ||||
| CVE-2022-42990 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-05-05 | 7.2 High |
| Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer. | ||||
| CVE-2022-42956 | 1 Passwork | 1 Passwork | 2025-05-05 | 7.5 High |
| The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. | ||||