Search Results (363368 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28448 1 Nopcommerce 1 Nopcommerce 2024-11-21 5.4 Medium
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.
CVE-2022-28445 1 Kitesky 1 Kitecms 2024-11-21 6.5 Medium
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
CVE-2022-28444 1 Ucms Project 1 Ucms 2024-11-21 7.5 High
UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.
CVE-2022-28443 1 Ucms Project 1 Ucms 2024-11-21 9.1 Critical
UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.
CVE-2022-28440 1 Ucms Project 1 Ucms 2024-11-21 8.8 High
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28417 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.
CVE-2022-28416 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.
CVE-2022-28415 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection.
CVE-2022-28414 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2024-11-21 9.8 Critical
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member.
CVE-2022-28413 1 Car Driving School Management System Project 1 Car Driving School Management System 2024-11-21 9.8 Critical
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_enrollment.
CVE-2022-28412 1 Car Driving School Management System Project 1 Car Driving School Management System 2024-11-21 9.8 Critical
Car Driving School Managment System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_package.
CVE-2022-28411 1 Simple Real Estate Portal System Portal 1 Simple Real Estate Portal System 2024-11-21 9.8 Critical
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent.
CVE-2022-28410 1 Simple Real Estate Portal System Project 1 Simple Real Estate Portal System 2024-11-21 9.8 Critical
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent.
CVE-2022-28397 1 Ghost 1 Ghost 2024-11-21 9.8 Critical
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional
CVE-2022-28394 1 Trendmicro 1 Password Manager 2024-11-21 7.8 High
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).
CVE-2022-28389 4 Debian, Fedoraproject, Linux and 1 more 19 Debian Linux, Fedora, Linux Kernel and 16 more 2024-11-21 5.5 Medium
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28387 1 Verbatim 4 Executive Fingerprint Secure Ssd, Executive Fingerprint Secure Ssd Firmware, Fingerprint Secure Portable Hard Drive and 1 more 2024-11-21 4.6 Medium
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
CVE-2022-28386 1 Verbatim 4 Gd25lk01-3637-c, Gd25lk01-3637-c Firmware, Keypad Secure Usb 3.2 Gen 1 and 1 more 2024-11-21 4.6 Medium
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
CVE-2022-28385 1 Verbatim 4 Executive Fingerprint Secure Ssd, Executive Fingerprint Secure Ssd Firmware, Fingerprint Secure Portable Hard Drive and 1 more 2024-11-21 4.6 Medium
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
CVE-2022-28384 1 Verbatim 4 Keypad Secure Usb 3.2 Gen 1, Keypad Secure Usb 3.2 Gen 1 Firmware, Store \'n\' Go Secure Portable Hdd and 1 more 2024-11-21 5.5 Medium
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.