Search Results (363673 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30464 1 Chatbot App With Suggestion Project 1 Chatbot App With Suggestion 2024-11-21 5.4 Medium
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response.
CVE-2022-30463 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2024-11-21 8.8 High
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.
CVE-2022-30462 1 Water Billing System Project 1 Water Billing System 2024-11-21 5.4 Medium
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.
CVE-2022-30461 1 Water Billing System Project 1 Water Billing System 2024-11-21 9.8 Critical
Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id
CVE-2022-30460 1 Simple Social Networking Site Project 1 Simple Social Networking Site 2024-11-21 5.4 Medium
Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname.
CVE-2022-30459 1 Chatbot App With Suggestion Project 1 Chatbot App With Suggestion 2024-11-21 8.8 High
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id.
CVE-2022-30458 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2024-11-21 5.4 Medium
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.
CVE-2022-30456 1 Badminton Center Management System Project 1 Badminton Center Management System 2024-11-21 5.4 Medium
Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental.
CVE-2022-30455 1 Badminton Center Management System Project 1 Badminton Center Management System 2024-11-21 9.8 Critical
Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.
CVE-2022-30454 1 Merchandise Online Store Project 1 Merchandise Online Store 2024-11-21 9.8 Critical
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
CVE-2022-30453 1 Shopwind 1 Shopwind 2024-11-21 9.8 Critical
ShopWind <= 3.4.2 has a RCE vulnerability in Database.php
CVE-2022-30452 1 Shopwind 1 Shopwind 2024-11-21 7.2 High
ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php
CVE-2022-30451 1 Waimairencms Project 1 Waimairencms 2024-11-21 8.8 High
An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1.
CVE-2022-30450 1 Waimairencms Project 1 Waimairencms 2024-11-21 9.8 Critical
A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php
CVE-2022-30449 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.
CVE-2022-30448 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.
CVE-2022-30429 1 Neos 1 Neos Cms 2024-11-21 5.4 Medium
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions.
CVE-2022-30428 1 Ginadmin Project 1 Ginadmin 2024-11-21 7.5 High
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.
CVE-2022-30427 1 Ginadmin Project 1 Ginadmin 2024-11-21 7.5 High
In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.
CVE-2022-30425 1 Tenda 2 Hg6, Hg6 Firmware 2024-11-21 8.8 High
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request.