Export limit exceeded: 363673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363673 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40402 | 2 Nikhil-bhalerao, Sourcecodester | 2 Simple Library Management System, Simple Library Management System | 2025-04-23 | 6.3 Medium |
| A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries. | ||||
| CVE-2022-29838 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2025-04-23 | 4.3 Medium |
| Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | ||||
| CVE-2022-45758 | 1 Sens Project | 1 Sens | 2025-04-23 | 5.4 Medium |
| SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister. | ||||
| CVE-2022-45479 | 1 Beappsmobile | 1 Pc Keyboard Wifi\&bluetooth | 2025-04-23 | 9.8 Critical |
| PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||||
| CVE-2022-45292 | 1 Funkwhale | 1 Funkwhale | 2025-04-23 | 5.3 Medium |
| User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. | ||||
| CVE-2022-45290 | 1 Kbase Doc Project | 1 Kbase Doc | 2025-04-23 | 9.1 Critical |
| Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. | ||||
| CVE-2022-45275 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-23 | 7.2 High |
| An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-45269 | 1 Gmaolinx | 1 Linx Sphere | 2025-04-23 | 7.5 High |
| A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. | ||||
| CVE-2022-45228 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2025-04-23 | 3.5 Low |
| Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page. | ||||
| CVE-2022-45227 | 1 Dragino | 2 Lg01 Lora, Lg01 Lora Firmware | 2025-04-23 | 7.5 High |
| The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication. | ||||
| CVE-2022-45145 | 1 Call-cc | 1 Chicken | 2025-04-23 | 9.8 Critical |
| egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. | ||||
| CVE-2022-45009 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-04-23 | 7.2 High |
| Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-45008 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-04-23 | 4.8 Medium |
| Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module. | ||||
| CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2025-04-23 | 8.1 High |
| Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | ||||
| CVE-2022-44849 | 1 Metinfo | 1 Metinfo | 2025-04-23 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. | ||||
| CVE-2022-44637 | 1 Redmine | 1 Redmine | 2025-04-23 | 6.1 Medium |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | ||||
| CVE-2022-44620 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | 8.8 High |
| Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2022-44608 | 1 Cybozu | 1 Cybozu Remote Service | 2025-04-23 | 7.5 High |
| Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. | ||||
| CVE-2022-44606 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | 8.8 High |
| OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2022-44393 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-23 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. | ||||