Export limit exceeded: 341484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25925 | 1 Openmrs | 1 Openmrs | 2025-05-21 | 4.8 Medium |
| A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form. | ||||
| CVE-2022-41571 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-05-21 | 9.8 Critical |
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur. | ||||
| CVE-2022-41347 | 1 Zimbra | 1 Collaboration | 2025-05-21 | 7.8 High |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. | ||||
| CVE-2022-40927 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-05-21 | 7.2 High |
| Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_designation. | ||||
| CVE-2022-40926 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-05-21 | 7.2 High |
| Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_leave_type. | ||||
| CVE-2022-40485 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-21 | 9.8 Critical |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php. | ||||
| CVE-2022-40484 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-21 | 9.8 Critical |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php. | ||||
| CVE-2022-40483 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-21 | 9.8 Critical |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php. | ||||
| CVE-2022-40404 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-21 | 8.8 High |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/select.php. | ||||
| CVE-2022-40403 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-21 | 7.2 High |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/feature_edit.php. | ||||
| CVE-2022-40402 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-21 | 8.8 High |
| Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_assign.php. | ||||
| CVE-2022-40199 | 1 Ec-cube | 1 Ec-cube | 2025-05-21 | 2.7 Low |
| Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | ||||
| CVE-2022-40099 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2025-05-21 | 7.2 High |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense_category.php. | ||||
| CVE-2022-40098 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2025-05-21 | 7.2 High |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_expense.php. | ||||
| CVE-2022-40097 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-21 | 7.2 High |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_currency.php. | ||||
| CVE-2022-40050 | 1 Zfile | 1 Zfile | 2025-05-21 | 9.8 Critical |
| ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | ||||
| CVE-2022-3055 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 8.8 High |
| Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-3054 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-3053 | 3 Apple, Fedoraproject, Google | 3 Macos, Fedora, Chrome | 2025-05-21 | 4.3 Medium |
| Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. | ||||
| CVE-2022-3052 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | 8.8 High |
| Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | ||||