Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-34651 1 Scribblemaps 1 Scribble Maps 2025-05-05 6.1 Medium
The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CVE-2021-34656 1 Videowhisper 1 2way Videocalls And Random Chat 2025-05-05 6.1 Medium
The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7.
CVE-2021-34657 1 Typofr Project 1 Typofr 2025-05-05 6.1 Medium
The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11.
CVE-2021-34666 1 Add Sidebar Project 1 Add Sidebar 2025-05-05 6.1 Medium
The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0.
CVE-2021-34667 1 Calendar Plugin Project 1 Calendar Plugin 2025-05-05 6.1 Medium
The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
CVE-2021-34641 1 Seopress 1 Seopress 2025-05-05 6.4 Medium
The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3.
CVE-2022-43351 1 Sanitization Management System Project 1 Sanitization Management System 2025-05-05 6.5 Medium
Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.
CVE-2022-43350 1 Sanitization Management System Project 1 Sanitization Management System 2025-05-05 7.2 High
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.
CVE-2022-43319 1 Simple E-learning System Project 1 Simple E-learning System 2025-05-05 7.5 High
An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2022-43306 1 Democritus 1 D8s-timer 2025-05-05 8.8 High
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.
CVE-2022-43305 1 Democritus 1 D8s-python 2025-05-05 9.8 Critical
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.
CVE-2022-43304 1 Democritus 1 D8s-timer 2025-05-05 9.8 Critical
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.
CVE-2022-43303 1 Democritus 1 D8s-strings 2025-05-05 9.8 Critical
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.
CVE-2022-43052 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2025-05-05 7.2 High
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete.
CVE-2022-43051 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2025-05-05 7.2 High
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test.
CVE-2022-43050 1 Online Tours And Travels Management System Project 1 Online Tours And Travels Management System 2025-05-05 7.2 High
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43049 1 Canteen Management System Project 1 Canteen Management System 2025-05-05 7.2 High
Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.
CVE-2022-43046 1 Oretnom23 1 Food Ordering Management System 2025-05-05 4.8 Medium
Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.
CVE-2022-42990 1 Oretnom23 1 Food Ordering Management System 2025-05-05 7.2 High
Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.
CVE-2022-42956 1 Passwork 1 Passwork 2025-05-05 7.5 High
The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.