ποΈ CVE-2022-0087
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site S
ποΈ CVE-2022-0140
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form
ποΈ CVE-2022-0147
The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape us
ποΈ CVE-2022-0150
The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the w
ποΈ CVE-2022-0165
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter befo
ποΈ CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin
ποΈ CVE-2022-0206
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before
ποΈ CVE-2022-0212
The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback paramet
ποΈ CVE-2022-0220
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, availab
ποΈ CVE-2022-0148
The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2
ποΈ CVE-2022-0149
The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site
ποΈ CVE-2022-0234
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency p
ποΈ CVE-2022-0169
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id
ποΈ CVE-2022-0271
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice befo
ποΈ CVE-2022-0189
The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in
ποΈ CVE-2022-0208
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid paramete
ποΈ CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated
ποΈ CVE-2022-0342
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio
ποΈ CVE-2022-0228
The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby an
ποΈ CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter whi
ποΈ CVE-2022-0412
The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress pl
ποΈ CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6
ποΈ CVE-2022-0422
The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_cu
ποΈ CVE-2022-0424
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisa
ποΈ CVE-2022-0281
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior
ποΈ CVE-2022-0432
Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.
ποΈ CVE-2022-0434
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids paramet
ποΈ CVE-2022-0437
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
ποΈ CVE-2022-0288
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do no
ποΈ CVE-2022-0441
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when regist
ποΈ CVE-2022-0533
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cro
ποΈ CVE-2022-0349
The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter bef
ποΈ CVE-2022-0535
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which c
ποΈ CVE-2022-0540
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by
ποΈ CVE-2022-0378
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
ποΈ CVE-2022-0381
The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficie
ποΈ CVE-2022-0651
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and p
ποΈ CVE-2022-0653
The Profile Builder β User Profile & User Registration Forms WordPress plugin is vulnerable to Cross
ποΈ CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in i
ποΈ CVE-2022-0660
Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prio
ποΈ CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.
ποΈ CVE-2022-0482
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidi
ποΈ CVE-2022-0747
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id paramet
ποΈ CVE-2022-0760
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id par
ποΈ CVE-2022-0773
The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is b
ποΈ CVE-2022-0776
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.
ποΈ CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_g
ποΈ CVE-2022-0594
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does no
ποΈ CVE-2022-0595
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be upload
ποΈ CVE-2022-0597
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
ποΈ CVE-2022-0599
The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and esca
ποΈ CVE-2022-0658
The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter
ποΈ CVE-2022-0678
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
ποΈ CVE-2022-0679
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path pa
ποΈ CVE-2022-0692
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.
ποΈ CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter
ποΈ CVE-2022-0769
The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target
ποΈ CVE-2022-0781
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before usi
ποΈ CVE-2022-0784
The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id paramet
ποΈ CVE-2022-0785
The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month para
ποΈ CVE-2022-0786
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using
ποΈ CVE-2022-0787
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape
ποΈ CVE-2022-0788
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitis
ποΈ CVE-2022-0814
The Ubigeo de PerΓΊ para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and esc
ποΈ CVE-2022-0817
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it
ποΈ CVE-2022-0824
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
ποΈ CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before
ποΈ CVE-2022-0827
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before usi
ποΈ CVE-2022-0846
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id
ποΈ CVE-2022-0864
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape
ποΈ CVE-2022-0867
The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied
ποΈ CVE-2022-0869
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
ποΈ CVE-2022-0870
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
ποΈ CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the
ποΈ CVE-2022-0899
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before
ποΈ CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
ποΈ CVE-2022-0948
The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id
ποΈ CVE-2022-0949
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin
ποΈ CVE-2022-0952
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks whe
ποΈ CVE-2022-0954
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autoresp
ποΈ CVE-2022-0963
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.1
ποΈ CVE-2022-0968
The microweber application allows large characters to insert in the input field 'fist & last name' w
ποΈ CVE-2022-1007
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room pa
ποΈ CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST
ποΈ CVE-2022-1020
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have auth
ποΈ CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to e
ποΈ CVE-2022-1054
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation c
ποΈ CVE-2022-1057
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and e
ποΈ CVE-2022-1058
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
ποΈ CVE-2022-1119
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via theΒ eeFile parame
ποΈ CVE-2022-1162
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, S
ποΈ CVE-2022-1168
There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before
ποΈ CVE-2022-1170
In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the
ποΈ CVE-2022-1221
The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parame
ποΈ CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of severa
ποΈ CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a param
ποΈ CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p
ποΈ CVE-2022-1390
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given
ποΈ CVE-2022-1391
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter bef
ποΈ CVE-2022-1392
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it
ποΈ CVE-2022-1398
The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and
ποΈ CVE-2022-1439
Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior t
ποΈ CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper acces
ποΈ CVE-2022-1574
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importin
ποΈ CVE-2022-1595
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a sp
ποΈ CVE-2022-1597
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not
ποΈ CVE-2022-1598
The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks aut
ποΈ CVE-2022-1609
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's
ποΈ CVE-2022-1713
SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as
ποΈ CVE-2022-1724
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters
���ποΈ CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'
ποΈ CVE-2022-1768
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficien
ποΈ CVE-2022-1815
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior
ποΈ CVE-2022-1883
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.
ποΈ CVE-2022-1903
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator
ποΈ CVE-2022-1904
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape param
ποΈ CVE-2022-1906
The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before ou
ποΈ CVE-2022-1910
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and esca
ποΈ CVE-2022-1916
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordP
ποΈ CVE-2022-1933
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it
ποΈ CVE-2022-1937
The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outpu
ποΈ CVE-2022-1946
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting
ποΈ CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers
ποΈ CVE-2022-2034
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST
ποΈ CVE-2022-2174
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
ποΈ CVE-2022-2185
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14
ποΈ CVE-2022-2187
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI']
ποΈ CVE-2022-2219
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting
ποΈ CVE-2022-2290
Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-be
ποΈ CVE-2022-2314
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the
ποΈ CVE-2022-2373
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST
ποΈ CVE-2022-2376
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX ac
ποΈ CVE-2022-2379
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowin
ποΈ CVE-2022-2383
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before o
ποΈ CVE-2022-2414
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks
ποΈ CVE-2022-2462
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disc
ποΈ CVE-2022-2467
A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as crit
ποΈ CVE-2022-2486
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This af
ποΈ CVE-2022-2487
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulne
ποΈ CVE-2022-2488
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affe
ποΈ CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live
ποΈ CVE-2022-2544
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores upl
ποΈ CVE-2022-2546
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not p
ποΈ CVE-2022-2551
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated vi
ποΈ CVE-2022-2599
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise
ποΈ CVE-2022-2627
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in a
ποΈ CVE-2022-2633
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blin
ποΈ CVE-2022-2733
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
ποΈ CVE-2022-2756
Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.
ποΈ CVE-2022-2863
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a param
ποΈ CVE-2022-3062
The Simple File List WordPress plugin before 4.4.12 does not escape parameters before outputting the
ποΈ CVE-2022-3142
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before
ποΈ CVE-2022-3242
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
ποΈ CVE-2022-3484
The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it bac
ποΈ CVE-2022-3506
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.
ποΈ CVE-2022-3578
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before output
ποΈ CVE-2022-3768
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a paramete
ποΈ CVE-2022-3800
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this
ποΈ CVE-2022-3908
The Helloprint WordPress plugin before 1.4.7 does not sanitise and escape a parameter before outputt
ποΈ CVE-2022-3933
The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameter
ποΈ CVE-2022-3934
The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before output
ποΈ CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential c
ποΈ CVE-2022-3982
The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate upl
ποΈ CVE-2022-4049
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us
ποΈ CVE-2022-4050
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before
ποΈ CVE-2022-4057
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's export
ποΈ CVE-2022-4059
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame
ποΈ CVE-2022-4060
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be ca
ποΈ CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when ren
ποΈ CVE-2022-4117
The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL s
ποΈ CVE-2022-4140
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to
ποΈ CVE-2022-4260
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c
ποΈ CVE-2022-4295
The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before
ποΈ CVE-2022-4301
The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter befo
ποΈ CVE-2022-4305
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that
ποΈ CVE-2022-4306
The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a paramete
ποΈ CVE-2022-4320
The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a paramete
ποΈ CVE-2022-4321
The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is
ποΈ CVE-2022-4325
The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a paramete
ποΈ CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be up
ποΈ CVE-2022-4447
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before u
ποΈ CVE-2022-4897
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before ou
ποΈ CVE-2022-21371
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Cont
ποΈ CVE-2022-21500
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is
ποΈ CVE-2022-21587
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (
ποΈ CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a Maria
ποΈ CVE-2022-21705
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions us
ποΈ CVE-2022-22242
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allow
ποΈ CVE-2022-22536
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Con
ποΈ CVE-2022-22733
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere El
ποΈ CVE-2022-22897
A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloT
ποΈ CVE-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code
ποΈ CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due t
ποΈ CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing fu
ποΈ CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execut
ποΈ CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypa
ποΈ CVE-2022-23102
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected
ποΈ CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data ca
ποΈ CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-admini
ποΈ CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web in
ποΈ CVE-2022-23347
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks
ποΈ CVE-2022-23348
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
ποΈ CVE-2022-23544
MeterSphere is a one-stop open source continuous testing platform, covering test management, interfa
ποΈ CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Th
ποΈ CVE-2022-23808
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into a
ποΈ CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit
ποΈ CVE-2022-23881
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via da
ποΈ CVE-2022-23898
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in
ποΈ CVE-2022-23944
User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.
ποΈ CVE-2022-24112
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Adm
ποΈ CVE-2022-24124
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and va
ποΈ CVE-2022-24129
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery
ποΈ CVE-2022-24181
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows
ποΈ CVE-2022-24223
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
ποΈ CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileg
ποΈ CVE-2022-24264
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/
ποΈ CVE-2022-24265
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/
ποΈ CVE-2022-24266
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/
ποΈ CVE-2022-24288
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided
ποΈ CVE-2022-24384
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterToo
ποΈ CVE-2022-24627
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unaut
ποΈ CVE-2022-24681
Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Re
ποΈ CVE-2022-24716
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unaut
ποΈ CVE-2022-24816
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs
ποΈ CVE-2022-24856
FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0
ποΈ CVE-2022-24899
Contao is a powerful open source CMS that allows you to create professional websites and scalable we
ποΈ CVE-2022-24900
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connec
ποΈ CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password b
ποΈ CVE-2022-25082
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a comman
ποΈ CVE-2022-25125
MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/
ποΈ CVE-2022-25148
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and p
ποΈ CVE-2022-25149
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and p
ποΈ CVE-2022-25216
An absolute path traversal vulnerability allows a remote attacker to download any file on the Window
ποΈ CVE-2022-25323
ZEROF Web Server 2.0 allows /admin.back XSS.
ποΈ CVE-2022-25356
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.
ποΈ CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allo
ποΈ CVE-2022-25485
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/aler
ποΈ CVE-2022-25486
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/aler
ποΈ CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploa
ποΈ CVE-2022-25488
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin
ποΈ CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the
ποΈ CVE-2022-25497
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
ποΈ CVE-2022-25568
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /c
ποΈ CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th
ποΈ CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluenc
ποΈ CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password c
ποΈ CVE-2022-26159
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to re
ποΈ CVE-2022-26233
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to direct
ποΈ CVE-2022-26263
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2022-26352
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft
ποΈ CVE-2022-26564
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via
ποΈ CVE-2022-26833
An improper authentication vulnerability exists in the REST API functionality of Open Automation Sof
ποΈ CVE-2022-26960
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows un
ποΈ CVE-2022-27593
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS
ποΈ CVE-2022-27849
Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115
ποΈ CVE-2022-27926
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of
ποΈ CVE-2022-27927
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used
ποΈ CVE-2022-27984
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter
ποΈ CVE-2022-27985
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/aler
ποΈ CVE-2022-28022
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /p
ποΈ CVE-2022-28023
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /p
ποΈ CVE-2022-28032
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php
ποΈ CVE-2022-28079
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the cours
ποΈ CVE-2022-28080
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the t
ποΈ CVE-2022-28117
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attac
ποΈ CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack
ποΈ CVE-2022-28290
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. Th
ποΈ CVE-2022-28363
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in
ποΈ CVE-2022-28365
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET reques
ποΈ CVE-2022-28923
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to r
ποΈ CVE-2022-28955
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folder
ποΈ CVE-2022-29004
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability vi
ποΈ CVE-2022-29005
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Onlin
ποΈ CVE-2022-29006
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel o
ποΈ CVE-2022-29007
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel o
ποΈ CVE-2022-29009
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel o
ποΈ CVE-2022-29013
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows
ποΈ CVE-2022-29014
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attacke
ποΈ CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template in
ποΈ CVE-2022-29153
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side reques
ποΈ CVE-2022-29272
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could l
ποΈ CVE-2022-29298
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
ποΈ CVE-2022-29299
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidat
ποΈ CVE-2022-29301
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidat
ποΈ CVE-2022-29303
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail
ποΈ CVE-2022-29349
kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url p
ποΈ CVE-2022-29383
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection v
ποΈ CVE-2022-29455
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builde
ποΈ CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attac
ποΈ CVE-2022-29548
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Ma
ποΈ CVE-2022-29775
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
ποΈ CVE-2022-30073
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
ποΈ CVE-2022-30489
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostna
ποΈ CVE-2022-30512
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.p
ποΈ CVE-2022-30513
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via ad
ποΈ CVE-2022-30514
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via ad
ποΈ CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5
ποΈ CVE-2022-30776
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
ποΈ CVE-2022-30777
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
ποΈ CVE-2022-31126
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers.
ποΈ CVE-2022-31268
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//..
ποΈ CVE-2022-31269
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that al
ποΈ CVE-2022-31299
Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Use
ποΈ CVE-2022-31373
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the
ποΈ CVE-2022-31474
Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8.0 - 8.7.4.1 versions.
ποΈ CVE-2022-31499
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject O
ποΈ CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypa
ποΈ CVE-2022-31798
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS w
ποΈ CVE-2022-31814
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as roo
ποΈ CVE-2022-31845
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obta
ποΈ CVE-2022-31846
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain
ποΈ CVE-2022-31847
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attac
ποΈ CVE-2022-31854
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change
ποΈ CVE-2022-31879
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.
ποΈ CVE-2022-31974
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=
ποΈ CVE-2022-31975
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_u
ποΈ CVE-2022-31976
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=dele
ποΈ CVE-2022-31977
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=dele
ποΈ CVE-2022-31978
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=dele
ποΈ CVE-2022-31980
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_
ποΈ CVE-2022-31981
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_te
ποΈ CVE-2022-31982
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view
ποΈ CVE-2022-31983
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/mana
ποΈ CVE-2022-31984
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_actio
ποΈ CVE-2022-32007
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.
ποΈ CVE-2022-32015
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category
ποΈ CVE-2022-32018
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&s
ποΈ CVE-2022-32022
Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-syste
ποΈ CVE-2022-32024
Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/bo
ποΈ CVE-2022-32025
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/a
ποΈ CVE-2022-32026
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/a
ποΈ CVE-2022-32028
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/a
ποΈ CVE-2022-32094
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the logi
ποΈ CVE-2022-32195
Open edX platform before 2022-06-06 allows XSS via the 'next' parameter in the logout URL.
ποΈ CVE-2022-32409
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Pub
ποΈ CVE-2022-32429
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of M
ποΈ CVE-2022-32430
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend informa
ποΈ CVE-2022-32444
An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can caus
ποΈ CVE-2022-32770
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo
ποΈ CVE-2022-32771
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo
ποΈ CVE-2022-32772
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo
ποΈ CVE-2022-33119
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scrip
ποΈ CVE-2022-33174
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote
ποΈ CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.en
ποΈ CVE-2022-33901
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4
ποΈ CVE-2022-33965
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plug
ποΈ CVE-2022-34045
Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key
ποΈ CVE-2022-34046
An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames a
ποΈ CVE-2022-34047
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames
ποΈ CVE-2022-34048
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS)
ποΈ CVE-2022-34049
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to
ποΈ CVE-2022-34093
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting
ποΈ CVE-2022-34094
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting
ποΈ CVE-2022-34121
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the componen
ποΈ CVE-2022-34328
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
ποΈ CVE-2022-34576
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows atta
ποΈ CVE-2022-34590
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the edit
ποΈ CVE-2022-34753
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ποΈ CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via
ποΈ CVE-2022-35405
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthe
ποΈ CVE-2022-35413
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access
ποΈ CVE-2022-35416
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.
ποΈ CVE-2022-35493
A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in,
ποΈ CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to in
ποΈ CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP
ποΈ CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
ποΈ CVE-2022-36537
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive info
ποΈ CVE-2022-36553
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability
ποΈ CVE-2022-36642
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node thr
ποΈ CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, fr
ποΈ CVE-2022-36883
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers
ποΈ CVE-2022-37042
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP arc
ποΈ CVE-2022-37153
An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password p
ποΈ CVE-2022-37190
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both pa
ποΈ CVE-2022-37191
The component 'cuppa/api/index.php' of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can
ποΈ CVE-2022-37299
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cau
ποΈ CVE-2022-38131
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could al
ποΈ CVE-2022-38295
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view
ποΈ CVE-2022-38296
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager
ποΈ CVE-2022-38463
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
ποΈ CVE-2022-38467
Reflected Cross-Site Scripting (XSS) vulnerability inΒ CRM Perks Forms β WordPress Form Builder <=Β 1.
ποΈ CVE-2022-38553
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site sc
ποΈ CVE-2022-38637
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via
ποΈ CVE-2022-38794
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.
ποΈ CVE-2022-38817
Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attacker
ποΈ CVE-2022-38870
Free5gc v3.2.1 is vulnerable to Information disclosure.
ποΈ CVE-2022-39048
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vu
ποΈ CVE-2022-39195
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers
ποΈ CVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.
ποΈ CVE-2022-39960
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks.
ποΈ CVE-2022-39986
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to exe
ποΈ CVE-2022-40022
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulne
ποΈ CVE-2022-40032
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' an
ποΈ CVE-2022-40047
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via
ποΈ CVE-2022-40083
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler
ποΈ CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger
ποΈ CVE-2022-40359
Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.
ποΈ CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.
ποΈ CVE-2022-40734
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.
ποΈ CVE-2022-40843
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / imprope
ποΈ CVE-2022-40879
kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'
ποΈ CVE-2022-40881
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.
ποΈ CVE-2022-41412
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sen
ποΈ CVE-2022-41441
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arb
ποΈ CVE-2022-41473
RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the S
ποΈ CVE-2022-41840
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
ποΈ CVE-2022-42094
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerabil
ποΈ CVE-2022-42095
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerabil
ποΈ CVE-2022-42096
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerabil
ποΈ CVE-2022-42233
Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.
ποΈ CVE-2022-42746
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to st
ποΈ CVE-2022-42747
CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal
ποΈ CVE-2022-42748
CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker t
ποΈ CVE-2022-42749
CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal t
ποΈ CVE-2022-43014
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2022-43015
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2022-43016
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2022-43017
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2022-43018
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2022-43140
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component c
ποΈ CVE-2022-43164
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=glo
ποΈ CVE-2022-43165
A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module
ποΈ CVE-2022-43166
A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=
ποΈ CVE-2022-43167
A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=use
ποΈ CVE-2022-43169
A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?mod
ποΈ CVE-2022-43170
A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?
ποΈ CVE-2022-43185
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovodite
ποΈ CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including
ποΈ CVE-2022-44290
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in dele
ποΈ CVE-2022-44291
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phas
ποΈ CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote
ποΈ CVE-2022-44944
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th
ποΈ CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th
ποΈ CVE-2022-44947
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th
ποΈ CVE-2022-44948
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th
ποΈ CVE-2022-44949
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th
ποΈ CVE-2022-44950
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th
ποΈ CVE-2022-44951
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th
ποΈ CVE-2022-44952
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /i
ποΈ CVE-2022-44957
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen
ποΈ CVE-2022-45037
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attac
ποΈ CVE-2022-45038
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows att
ποΈ CVE-2022-45354
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor
ποΈ CVE-2022-45362
Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects P
ποΈ CVE-2022-45365
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
ποΈ CVE-2022-45805
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
ποΈ CVE-2022-45835
Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue aff
ποΈ CVE-2022-45917
ILIAS before 7.16 has an Open Redirect.
ποΈ CVE-2022-45933
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrap
ποΈ CVE-2022-46020
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
ποΈ CVE-2022-46071
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability ca
ποΈ CVE-2022-46073
Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).
ποΈ CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and f
ποΈ CVE-2022-46381
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the b
ποΈ CVE-2022-46443
mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.
ποΈ CVE-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private ima
ποΈ CVE-2022-46888
Multiple reflective cross-site scripting (XSS) vulnerabilities in NexusPHP before 1.7.33 allow remot
ποΈ CVE-2022-46934
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url p
ποΈ CVE-2022-47002
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to
ποΈ CVE-2022-47003
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass
ποΈ CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive
ποΈ CVE-2022-47501
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr
ποΈ CVE-2022-47615
Local File Inclusion vulnerability inΒ LearnPress β WordPress LMS Plugin <= 4.1.7.3.2 versions.
ποΈ CVE-2022-47945
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the languag
ποΈ CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote
ποΈ CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrar
ποΈ CVE-2022-48012
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via t
ποΈ CVE-2022-48165
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.21
ποΈ CVE-2022-48197
Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php ren