Search Results (363371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28508 1 Mantisbt 1 Mantisbt 2024-11-21 6.1 Medium
An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2022-28507 1 Bdt-121 Project 2 Bdt-121, Bdt-121 Firmware 2024-11-21 4.8 Medium
Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page.
CVE-2022-28506 2 Fedoraproject, Giflib Project 2 Fedora, Giflib 2024-11-21 5.5 Medium
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
CVE-2022-28505 1 Jflyfox 1 Jfinal Cms 2024-11-21 7.2 High
Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.
CVE-2022-28488 1 Libwav Project 1 Libwav 2024-11-21 7.5 High
The function wav_format_write in libwav.c in libwav through 2017-04-20 has a Use of Uninitialized Variable vulnerability.
CVE-2022-28487 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-11-21 7.5 High
Tcpreplay version 4.4.1 contains a memory leakage flaw in the fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
CVE-2022-28481 1 Csv-safe Project 1 Csv-safe 2024-11-21 9.8 Critical
CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.
CVE-2022-28480 1 Allmediaserver 1 Allmediaserver 2024-11-21 9.8 Critical
ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.
CVE-2022-28479 1 Seeddms 1 Seeddms 2024-11-21 4.8 Medium
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu.
CVE-2022-28478 1 Seeddms 1 Seeddms 2024-11-21 6.5 Medium
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input, allowing attackers with admin privileges to delete arbitrary files on the remote system.
CVE-2022-28477 1 Wbce 1 Wbce Cms 2024-11-21 6.1 Medium
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-28471 1 Rockcarry 1 Ffjpeg 2024-11-21 6.5 Medium
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in a heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38.
CVE-2022-28470 1 Python 1 Pypi 2024-11-21 9.8 Critical
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-28468 1 Payroll Management System Project 1 Payroll Management System 2024-11-21 9.8 Critical
Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CVE-2022-28467 1 Online Student Admission Project 1 Online Student Admission 2024-11-21 9.8 Critical
Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.
CVE-2022-28464 1 Apifox 1 Apifox 2024-11-21 9.0 Critical
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.
CVE-2022-28462 1 Xxyopen 1 Novel-plus 2024-11-21 7.5 High
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
CVE-2022-28461 1 Mingyuefusu Project 1 Mingyuefusu 2024-11-21 9.8 Critical
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.
CVE-2022-28454 1 Limbas 1 Limbas 2024-11-21 6.1 Medium
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-28452 1 Redplanetcomputers 1 Laundry Management System 2024-11-21 9.8 Critical
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.