Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28077 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 6.1 Medium
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
CVE-2022-28076 1 Seacms 1 Seacms 2024-11-21 7.2 High
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.
CVE-2022-28074 1 Fit2cloud 1 Halo 2024-11-21 4.8 Medium
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
CVE-2022-28073 1 Radare 1 Radare2 2024-11-21 7.5 High
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
CVE-2022-28072 1 Radare 1 Radare2 2024-11-21 7.5 High
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
CVE-2022-28071 1 Radare 1 Radare2 2024-11-21 7.5 High
A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
CVE-2022-28070 1 Radare 1 Radare2 2024-11-21 7.5 High
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
CVE-2022-28069 1 Radare 1 Radare2 2024-11-21 7.5 High
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
CVE-2022-28068 1 Radare 1 Radare2 2024-11-21 7.5 High
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
CVE-2022-28067 1 Sandboxie 1 Sandboxie 2024-11-21 8.6 High
An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable.
CVE-2022-28063 1 Simple Bakery Shop Management System Project 1 Simple Bakery Shop Management System 2024-11-21 4.9 Medium
Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products.
CVE-2022-28062 1 Online Car Rental System Project 1 Online Car Rental System 2024-11-21 8.8 High
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.
CVE-2022-28060 1 Victor Cms Project 1 Victor Cms 2024-11-21 7.5 High
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.
CVE-2022-28059 1 Verydows 1 Verydows 2024-11-21 8.1 High
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.
CVE-2022-28058 1 Verydows 1 Verydows 2024-11-21 8.1 High
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.
CVE-2022-28056 1 Shopxo 1 Shopxo 2024-11-21 9.8 Critical
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.
CVE-2022-28055 1 Fusionpbx 1 Fusionpbx 2024-11-21 9.8 Critical
Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.
CVE-2022-28054 2 Microsoft, Vandyke 2 Windows, Vshell 2024-11-21 9.8 Critical
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.
CVE-2022-28053 1 Typemill 1 Typemill 2024-11-21 8.8 High
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28052 1 Roothub 1 Roothub 2024-11-21 8.0 High
Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution.