CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (324459 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-44960	1 Webtareas Project	1 Webtareas	2025-04-24	5.4 Medium
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
CVE-2022-44955	1 Webtareas Project	1 Webtareas	2025-04-24	5.4 Medium
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.
CVE-2022-44954	1 Webtareas Project	1 Webtareas	2025-04-24	5.4 Medium
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".
CVE-2022-44953	1 Webtareas Project	1 Webtareas	2025-04-24	5.4 Medium
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
CVE-2022-44952	1 Rukovoditel	1 Rukovoditel	2025-04-24	5.4 Medium
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
CVE-2022-44951	1 Rukovoditel	1 Rukovoditel	2025-04-24	5.4 Medium
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44367	1 Tenda	2 I21, I21 Firmware	2025-04-24	9.8 Critical
Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.
CVE-2022-44362	1 Tenda	2 I21, I21 Firmware	2025-04-24	9.8 Critical
Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.
CVE-2022-44348	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.
CVE-2022-44347	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.
CVE-2022-44345	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.
CVE-2022-44296	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.
CVE-2022-44295	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.
CVE-2022-44294	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	7.2 High
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.
CVE-2022-44151	1 Sanitization Management System Project	1 Sanitization Management System	2025-04-24	9.8 Critical
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CVE-2022-43325	1 Telosalliance	2 Omnia Mpx Node, Omnia Mpx Node Firmware	2025-04-24	9.8 Critical
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
CVE-2022-42718	1 Ni	1 Labview Command Line Interface	2025-04-24	7.8 High
Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-41412	1 Perfsonar	1 Perfsonar	2025-04-24	8.6 High
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
CVE-2022-3709	1 Sophos	2 Xg Firewall, Xg Firewall Firmware	2025-04-24	6.8 Medium
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
CVE-2022-3696	1 Sophos	2 Xg Firewall, Xg Firewall Firmware	2025-04-24	7.2 High
A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.

« first previous Page 3453 of 16223. next last »