Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44860 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php. | ||||
| CVE-2022-44859 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php. | ||||
| CVE-2022-44858 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php. | ||||
| CVE-2022-44844 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-29 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | ||||
| CVE-2022-44843 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-29 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | ||||
| CVE-2022-44725 | 1 Opcfoundation | 1 Local Discovery Server | 2025-04-29 | 7.8 High |
| OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | ||||
| CVE-2022-44411 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2025-04-29 | 7.5 High |
| Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack. | ||||
| CVE-2022-44403 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. | ||||
| CVE-2022-44402 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2025-04-29 | 7.2 High |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. | ||||
| CVE-2022-44384 | 1 Rconfig | 1 Rconfig | 2025-04-29 | 8.8 High |
| An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-44262 | 1 Ff4j | 1 Ff4j | 2025-04-29 | 9.8 Critical |
| ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). | ||||
| CVE-2022-44001 | 1 Backclick | 1 Backclick | 2025-04-29 | 9.8 Critical |
| An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed. | ||||
| CVE-2022-43708 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name | ||||
| CVE-2022-43707 | 1 Mybb | 1 Mybb | 2025-04-29 | 6.1 Medium |
| MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data | ||||
| CVE-2022-43332 | 1 Wondercms | 1 Wondercms | 2025-04-29 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | ||||
| CVE-2022-42097 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | ||||
| CVE-2022-42094 | 1 Backdropcms | 1 Backdrop | 2025-04-29 | 4.8 Medium |
| Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | ||||
| CVE-2022-41712 | 1 Frappe | 1 Frappe | 2025-04-29 | 6.5 Medium |
| Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | ||||
| CVE-2022-41705 | 1 Uatech | 1 Badaso | 2025-04-29 | 9.8 Critical |
| Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | ||||
| CVE-2022-41445 | 1 Teacher Record Management System Project | 1 Teacher Record Management System | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Subject page. | ||||