Export limit exceeded: 334975 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334975 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42142 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-14 | 7.2 High |
| Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. | ||||
| CVE-2022-42029 | 1 Chamilo | 1 Chamilo | 2025-05-14 | 8.8 High |
| Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | ||||
| CVE-2022-41594 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 3.4 Low |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | ||||
| CVE-2022-41593 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 3.4 Low |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | ||||
| CVE-2022-41592 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 3.4 Low |
| The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service. | ||||
| CVE-2022-41588 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.5 High |
| The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. | ||||
| CVE-2022-41586 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 7.5 High |
| The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-41580 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 9.8 Critical |
| The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. | ||||
| CVE-2022-41578 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | 9.8 Critical |
| The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. | ||||
| CVE-2022-41472 | 1 74cms | 1 74cmsse | 2025-05-14 | 5.4 Medium |
| 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. | ||||
| CVE-2022-41471 | 1 74cms | 1 74cmsse | 2025-05-14 | 6.5 Medium |
| 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. | ||||
| CVE-2022-41431 | 1 Mindskip | 1 Xzs | 2025-05-14 | 5.4 Medium |
| xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | ||||
| CVE-2022-41139 | 1 Mitre | 1 Caldera | 2025-05-14 | 5.4 Medium |
| MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. | ||||
| CVE-2022-40606 | 1 Mitre | 1 Caldera | 2025-05-14 | 6.1 Medium |
| MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. | ||||
| CVE-2022-40605 | 1 Mitre | 1 Caldera | 2025-05-14 | 6.1 Medium |
| MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. | ||||
| CVE-2022-40055 | 1 Gxgroup | 2 Gpon Ont Titanium 2122a, Gpon Ont Titanium 2122a Firmware | 2025-05-14 | 9.8 Critical |
| An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. | ||||
| CVE-2022-3331 | 1 Gitlab | 1 Gitlab | 2025-05-14 | 3.5 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Zentao project issues. | ||||
| CVE-2022-3243 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2025-05-14 | 7.2 High |
| The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin | ||||
| CVE-2022-3206 | 1 Passster Project | 1 Passster | 2025-05-14 | 5.9 Medium |
| The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked. | ||||
| CVE-2022-3165 | 3 Fedoraproject, Qemu, Redhat | 3 Fedora, Qemu, Enterprise Linux | 2025-05-14 | 6.5 Medium |
| An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. | ||||