Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4148 | 1 Metaphorcreations | 1 Ditty | 2025-05-01 | 6.1 Medium |
| The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2022-44547 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | 7.5 High |
| The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. | ||||
| CVE-2022-43321 | 1 Shopwind | 1 Shopwind | 2025-05-01 | 6.1 Medium |
| Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | ||||
| CVE-2022-43320 | 1 Feehi | 1 Feehicms | 2025-05-01 | 6.1 Medium |
| FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. | ||||
| CVE-2022-43310 | 1 Foxitsoftware | 1 Foxit Reader | 2025-05-01 | 7.8 High |
| An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. | ||||
| CVE-2022-43292 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. | ||||
| CVE-2022-43291 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. | ||||
| CVE-2022-43290 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. | ||||
| CVE-2022-43278 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. | ||||
| CVE-2022-43277 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-43121 | 1 Intelliants | 1 Subrion Cms | 2025-05-01 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field. | ||||
| CVE-2022-43118 | 1 Flatcore | 1 Flatcore-cms | 2025-05-01 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. | ||||
| CVE-2022-40797 | 1 Roxyfileman | 1 Roxy Fileman | 2025-05-01 | 9.8 Critical |
| Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) | ||||
| CVE-2022-3413 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 4.3 Medium |
| Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. | ||||
| CVE-2022-37927 | 1 Hpe | 1 Oneview Global Dashboard | 2025-05-01 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | ||||
| CVE-2022-31689 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
| VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. | ||||
| CVE-2022-31688 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 6.1 Medium |
| VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. | ||||
| CVE-2022-31687 | 1 Vmware | 1 Workspace One Assist | 2025-05-01 | 9.8 Critical |
| VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | ||||
| CVE-2022-20465 | 1 Google | 1 Android | 2025-05-01 | 4.6 Medium |
| In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-218500036 | ||||
| CVE-2022-20462 | 1 Google | 1 Android | 2025-05-01 | 7.8 High |
| In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-230356196 | ||||