Search Results (363261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46824 2 Apple, Jetbrains 2 Macos, Intellij Idea 2025-04-23 5.6 Medium
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
CVE-2022-46825 1 Jetbrains 1 Intellij Idea 2025-04-23 4 Medium
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
CVE-2022-46826 1 Jetbrains 1 Intellij Idea 2025-04-23 6.2 Medium
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
CVE-2022-46829 1 Jetbrains 1 Jetbrains Gateway 2025-04-23 7.1 High
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
CVE-2022-46830 1 Jetbrains 1 Teamcity 2025-04-23 4.1 Medium
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
CVE-2023-51302 1 Phpjabbers 1 Hotel Booking System 2025-04-23 8.8 High
PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
CVE-2024-40110 2 Nikhil-bhalerao, Poultry Farm Management System Project 2 Poultry Farm Management System, Poultry Farm Management System 2025-04-23 9.8 Critical
Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.
CVE-2024-40402 2 Nikhil-bhalerao, Sourcecodester 2 Simple Library Management System, Simple Library Management System 2025-04-23 6.3 Medium
A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.
CVE-2022-29838 1 Westerndigital 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more 2025-04-23 4.3 Medium
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
CVE-2022-45758 1 Sens Project 1 Sens 2025-04-23 5.4 Medium
SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister.
CVE-2022-45479 1 Beappsmobile 1 Pc Keyboard Wifi\&bluetooth 2025-04-23 9.8 Critical
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45292 1 Funkwhale 1 Funkwhale 2025-04-23 5.3 Medium
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.
CVE-2022-45290 1 Kbase Doc Project 1 Kbase Doc 2025-04-23 9.1 Critical
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.
CVE-2022-45275 1 Dynamic Transaction Queuing System Project 1 Dynamic Transaction Queuing System 2025-04-23 7.2 High
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-45269 1 Gmaolinx 1 Linx Sphere 2025-04-23 7.5 High
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.
CVE-2022-45228 1 Dragino 2 Lg01 Lora, Lg01 Lora Firmware 2025-04-23 3.5 Low
Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.
CVE-2022-45227 1 Dragino 2 Lg01 Lora, Lg01 Lora Firmware 2025-04-23 7.5 High
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.
CVE-2022-45145 1 Call-cc 1 Chicken 2025-04-23 9.8 Critical
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
CVE-2022-45009 1 Online Leave Management System Project 1 Online Leave Management System 2025-04-23 7.2 High
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-45008 1 Online Leave Management System Project 1 Online Leave Management System 2025-04-23 4.8 Medium
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module.