Export limit exceeded: 363304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363304 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41994 1 Basercms 1 Basercms 2025-04-23 4.8 Medium
Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
CVE-2022-3858 1 Premio 1 Chaty 2025-04-23 7.2 High
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.
CVE-2022-3846 1 Amentotech 1 Workreap 2025-04-23 7.5 High
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.
CVE-2022-3838 1 Wpupper Share Buttons Project 1 Wpupper Share Buttons 2025-04-23 4.8 Medium
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-39099 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39098 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39097 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39096 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39095 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39094 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39093 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39092 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39091 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39090 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-23 7.8 High
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-25630 1 Symantec 1 Messaging Gateway 2025-04-23 5.4 Medium
An authenticated user can embed malicious content with XSS into the admin group policy page.
CVE-2022-25629 1 Symantec 1 Messaging Gateway 2025-04-23 5.4 Medium
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
CVE-2022-1540 1 Postmagthemes 1 Postmagthemes Demo Import 2025-04-23 7.2 High
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.
CVE-2020-6627 1 Seagate 6 Stcg2000300, Stcg2000300 Firmware, Stcg3000300 and 3 more 2025-04-23 9.8 Critical
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.
CVE-2022-39906 1 Google 1 Android 2025-04-23 2.3 Low
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.
CVE-2022-39907 1 Google 1 Android 2025-04-23 6.9 Medium
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.