Total
291504 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45008 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-04-23 | 4.8 Medium |
| Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module. | ||||
| CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2025-04-23 | 8.1 High |
| Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | ||||
| CVE-2022-44849 | 1 Metinfo | 1 Metinfo | 2025-04-23 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. | ||||
| CVE-2022-44637 | 1 Redmine | 1 Redmine | 2025-04-23 | 6.1 Medium |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | ||||
| CVE-2022-44620 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | 8.8 High |
| Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2022-44608 | 1 Cybozu | 1 Cybozu Remote Service | 2025-04-23 | 7.5 High |
| Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. | ||||
| CVE-2022-44606 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | 8.8 High |
| OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2022-44393 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-23 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. | ||||
| CVE-2022-44373 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-23 | 8.8 High |
| A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. | ||||
| CVE-2022-44371 | 1 Hope-boot Project | 1 Hope-boot | 2025-04-23 | 9.8 Critical |
| hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). | ||||
| CVE-2022-43668 | 1 Typora | 1 Typora | 2025-04-23 | 6.1 Medium |
| Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | ||||
| CVE-2022-43667 | 1 Omron | 1 Cx-programmer | 2025-04-23 | 7.8 High |
| Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | ||||
| CVE-2022-43660 | 1 Sixapart | 1 Movable Type | 2025-04-23 | 7.2 High |
| Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | ||||
| CVE-2022-3641 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-23 | 8.8 High |
| Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. | ||||
| CVE-2025-46253 | 2025-04-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2. | ||||
| CVE-2025-46252 | 2025-04-23 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2. | ||||
| CVE-2025-28104 | 2025-04-23 | N/A | ||
| Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input. | ||||
| CVE-2025-2517 | 2025-04-23 | N/A | ||
| Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. | ||||
| CVE-2025-23174 | 2025-04-23 | 7.5 High | ||
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-28099 | 2025-04-23 | N/A | ||
| opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp, | ||||