Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-42117 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-42117)
cross-site scripting in liferay (CVE-2022-42117). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-21626 |
|
Vulnerability in c (CVE-2022-21626)
vulnerability in c (CVE-2022-21626). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-38902 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-38902)
cross-site scripting in liferay (CVE-2022-38902). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40440 |
|
Cross-Site Scripting (XSS) in jgraph (CVE-2022-40440)
cross-site scripting in jgraph (CVE-2022-40440). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40047 |
|
Cross-Site Scripting (XSS) in flatpress (CVE-2022-40047)
cross-site scripting in flatpress (CVE-2022-40047). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40227 |
|
Vulnerability in dos (CVE-2022-40227)
vulnerability in dos (CVE-2022-40227). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-36635 |
|
SQL Injection in sqli (CVE-2022-36635)
SQL injection in sqli (CVE-2022-36635). Successful exploitation can lead to full system takeover.
|
| CVE-2022-40123 |
|
Path Traversal in path-traversal (CVE-2022-40123)
path traversal in path-traversal (CVE-2022-40123). Confidential information can be exposed externally.
|
| CVE-2022-36551 |
|
SSRF (Server-Side Request Forgery) in label-studio (CVE-2022-36551)
SSRF in label-studio (CVE-2022-36551). Confidential information can be exposed externally. Mitigation: upgrade to `1.5.0.post0` or later.
|
| CVE-2022-35156 |
|
SQL Injection in sqli (CVE-2022-35156)
SQL injection in sqli (CVE-2022-35156). Successful exploitation can lead to full system takeover.
|
| CVE-2022-35155 |
|
Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-35155)
cross-site scripting in phpgurukul (CVE-2022-35155). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40048 |
|
Unrestricted File Upload in flatpress (CVE-2022-40048)
vulnerability in flatpress (CVE-2022-40048). Successful exploitation can lead to full system takeover.
|
| CVE-2022-38553 |
|
Cross-Site Scripting (XSS) in creativeitem (CVE-2022-38553)
cross-site scripting in creativeitem (CVE-2022-38553). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-34026 |
|
ICEcoder v8.1 allows attackers to execute a directory traversal.
ICEcoder v8.1 allows attackers to execute a directory traversal.
|
| CVE-2022-2266 |
|
Cross-Site Scripting (XSS) in yordam (CVE-2022-2266)
cross-site scripting in yordam (CVE-2022-2266). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28980 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28980)
cross-site scripting in liferay (CVE-2022-28980). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28981 |
|
Path Traversal in path-traversal (CVE-2022-28981)
path traversal in path-traversal (CVE-2022-28981). Confidential information can be exposed externally. Exploitable via ``parameter``.
|
| CVE-2022-28978 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28978)
cross-site scripting in liferay (CVE-2022-28978). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28979 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28979)
cross-site scripting in liferay (CVE-2022-28979). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28982 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-28982)
cross-site scripting in liferay (CVE-2022-28982). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40030 |
|
SQL Injection in sqli (CVE-2022-40030)
SQL injection in sqli (CVE-2022-40030). Successful exploitation can lead to full system takeover.
|
| CVE-2022-40027 |
|
Cross-Site Scripting (XSS) in simple-task-managing-system-project (CVE-2022-40027)
cross-site scripting in simple-task-managing-system-project (CVE-2022-40027). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40028 |
|
Cross-Site Scripting (XSS) in simple-task-managing-system-project (CVE-2022-40028)
cross-site scripting in simple-task-managing-system-project (CVE-2022-40028). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-40029 |
|
Cross-Site Scripting (XSS) in simple-task-managing-system-project (CVE-2022-40029)
cross-site scripting in simple-task-managing-system-project (CVE-2022-40029). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-2265 |
|
Path Traversal in path-traversal (CVE-2022-2265)
path traversal in path-traversal (CVE-2022-2265). Confidential information can be exposed externally.
|
| CVE-2022-0495 |
|
SQL Injection in sqli (CVE-2022-0495)
SQL injection in sqli (CVE-2022-0495). Confidential information can be exposed externally.
|
| CVE-2022-2315 |
|
SQL Injection in sqli (CVE-2022-2315)
SQL injection in sqli (CVE-2022-2315). Confidential information can be exposed externally.
|
| CVE-2022-38619 |
|
SQL Injection in sqli (CVE-2022-38619)
SQL injection in sqli (CVE-2022-38619). Successful exploitation can lead to full system takeover.
|
| CVE-2022-2177 |
|
SQL Injection in sqli (CVE-2022-2177)
SQL injection in sqli (CVE-2022-2177). Confidential information can be exposed externally.
|
| CVE-2022-38618 |
|
SQL Injection in sqli (CVE-2022-38618)
SQL injection in sqli (CVE-2022-38618). Successful exploitation can lead to full system takeover.
|
| CVE-2022-37700 |
|
Path Traversal in path-traversal (CVE-2022-37700)
path traversal in path-traversal (CVE-2022-37700). Confidential information can be exposed externally.
|
| CVE-2022-38617 |
|
SQL Injection in sqli (CVE-2022-38617)
SQL injection in sqli (CVE-2022-38617). Successful exploitation can lead to full system takeover.
|
| CVE-2022-36534 |
|
Command Injection in syncovery (CVE-2022-36534)
command injection in syncovery (CVE-2022-36534). Successful exploitation can lead to full system takeover.
|
| CVE-2022-36533 |
|
Cross-Site Scripting (XSS) in syncovery (CVE-2022-36533)
cross-site scripting in syncovery (CVE-2022-36533). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-37251 |
|
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
|
| CVE-2022-37775 |
|
Cross-Site Scripting (XSS) in genesys (CVE-2022-37775)
cross-site scripting in genesys (CVE-2022-37775). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-36532 |
|
Vulnerability in bolt (CVE-2022-36532)
vulnerability in bolt (CVE-2022-36532). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29649 |
|
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
|
| CVE-2022-38013 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.9` or later.
|
| CVE-2022-38616 |
|
SQL Injection in sqli (CVE-2022-38616)
SQL injection in sqli (CVE-2022-38616). Successful exploitation can lead to full system takeover.
|
| CVE-2022-34108 |
|
Vulnerability in dos (CVE-2022-34108)
vulnerability in dos (CVE-2022-34108). Data can be tampered with by attackers.
|
| CVE-2022-38615 |
|
SQL Injection in sqli (CVE-2022-38615)
SQL injection in sqli (CVE-2022-38615). Successful exploitation can lead to full system takeover.
|
| CVE-2022-38613 |
|
Path Traversal in path-traversal (CVE-2022-38613)
path traversal in path-traversal (CVE-2022-38613). Confidential information can be exposed externally.
|
| CVE-2022-38096 |
|
Vulnerability in c (CVE-2022-38096)
vulnerability in c (CVE-2022-38096). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26258 KEV |
|
[KEV] OS Command Injection in D-link dir-820l (CVE-2022-26258)
OS command injection in D-link dir-820l (CVE-2022-26258). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2022-35192 |
|
Vulnerability in dos (CVE-2022-35192)
vulnerability in dos (CVE-2022-35192). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-14519 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2018-14519)
vulnerability in csrf (CVE-2018-14519). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-35191 |
|
Vulnerability in dos (CVE-2022-35191)
vulnerability in dos (CVE-2022-35191). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-28598 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2022-28598)
cross-site scripting in frappe (CVE-2022-28598). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-35554 |
|
Cross-Site Scripting (XSS) in bpcbt (CVE-2022-35554)
cross-site scripting in bpcbt (CVE-2022-35554). Risk of unauthorized operations or information disclosure.
|