Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27125 1 Zbzcms 1 Zbzcms 2024-11-21 6.1 Medium
zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.
CVE-2022-27123 1 Employee Performance Evaluation Project 1 Employee Performance Evaluation 2024-11-21 9.8 Critical
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
CVE-2022-27115 2 Microsoft, Std42 2 Windows, Elfinder 2024-11-21 9.8 Critical
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
CVE-2022-27114 2 Debian, Htmldoc Project 2 Debian Linux, Htmldoc 2024-11-21 5.5 Medium
There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. As a result, malloc may return a heap block smaller than the expected size, which causes a buffer overflow/address boundary error in the jpeg_read_scanlines function.
CVE-2022-27111 1 Jflyfox 1 Jfinal Cms 2024-11-21 5.4 Medium
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
CVE-2022-27110 1 Orangehrm 1 Orangehrm 2024-11-21 5.4 Medium
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via the viewPersonalDetails endpoint.
CVE-2022-27109 1 Orangehrm 1 Orangehrm 2024-11-21 5.4 Medium
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
CVE-2022-27108 1 Orangehrm 1 Orangehrm 2024-11-21 4.3 Medium
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account.
CVE-2022-27107 1 Orangehrm 1 Orangehrm 2024-11-21 5.4 Medium
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter.
CVE-2022-27105 1 Digitus 1 Inmailx 2024-11-21 5.4 Medium
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitized in the Outlook tab, which allows a local user or network administrator to execute HTML / JavaScript in the Outlook of users.
CVE-2022-27104 1 Formalms 1 Formalms 2024-11-21 9.8 Critical
An unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
CVE-2022-27103 1 Element-plus 1 Element-plus 2024-11-21 6.1 Medium
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.
CVE-2022-27095 1 Battleye 1 Battleye 2024-11-21 7.8 High
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27094 1 Sony 1 Playmemories Home 2024-11-21 6.7 Medium
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27090 1 Chshcms 1 Cscms 2024-11-21 5.4 Medium
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
CVE-2022-27089 1 Fujitsu 1 Plugfree Network 2024-11-21 7.8 High
In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.
CVE-2022-27088 1 Ivanti 1 Dsm Remote 2024-11-21 7.8 High
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.
CVE-2022-27083 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
CVE-2022-27082 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
CVE-2022-27081 1 Tenda 2 M3, M3 Firmware 2024-11-21 9.8 Critical
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.