Vulnerabilities (CVE)

Total 364749 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26263 1 Yonyou 1 U8\+ 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
CVE-2022-26251 1 Synametrics 1 Synaman 2026-07-09 9.0 HIGH 7.2 HIGH
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
CVE-2022-26250 1 Synametrics 1 Synaman 2026-07-09 4.6 MEDIUM 7.8 HIGH
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.
CVE-2022-26244 1 Hospital\'s Patient Records Management System Project 1 Hospital\'s Patient Records Management System 2026-07-09 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field.
CVE-2022-26197 1 Joget 1 Joget Dx 2026-07-09 3.5 LOW 5.4 MEDIUM
Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table.
CVE-2022-26173 1 Jforum 1 Jforum 2026-07-09 6.8 MEDIUM 8.8 HIGH
JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.
CVE-2022-25590 1 Surveyking 1 Surveyking 2026-07-09 4.3 MEDIUM 6.5 MEDIUM
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.
CVE-2022-25585 1 Unioncms Project 1 Unioncms 2026-07-09 3.5 LOW 5.4 MEDIUM
Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings.
CVE-2022-25578 1 Taogogo 1 Taocms 2026-07-09 7.5 HIGH 9.8 CRITICAL
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVE-2022-25574 1 Douco 1 Douphp 2026-07-09 3.5 LOW 4.8 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
CVE-2022-25523 1 Typesettercms 1 Typesetter 2026-07-09 6.8 MEDIUM 8.8 HIGH
TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request.
CVE-2022-25521 1 Nuuo 1 Network Video Recorder Firmware 2026-07-09 10.0 HIGH 9.8 CRITICAL
NUUO v03.11.00 was discovered to contain access control issue.
CVE-2022-25480 1 Realtek 2 Rtsper, Rtsuer 2026-07-09 N/A 7.8 HIGH
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
CVE-2022-25479 1 Realtek 2 Rtsper, Rtsuer 2026-07-09 N/A 5.5 MEDIUM
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
CVE-2022-25478 1 Realtek 2 Rtsper, Rtsuer 2026-07-09 N/A 7.8 HIGH
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.
CVE-2022-25477 1 Realtek 2 Rtsper, Rtsuer 2026-07-09 N/A 5.5 MEDIUM
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
CVE-2022-25146 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-07-09 5.0 MEDIUM 5.3 MEDIUM
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.
CVE-2022-25090 1 Kofax 1 Printix 2026-07-09 9.3 HIGH 8.1 HIGH
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.
CVE-2022-25089 1 Kofax 1 Printix 2026-07-09 7.5 HIGH 9.8 CRITICAL
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.
CVE-2022-25064 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2026-07-09 7.5 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.