Total
364749 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26263 | 1 Yonyou | 1 U8\+ | 2026-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. | |||||
| CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2026-07-09 | 9.0 HIGH | 7.2 HIGH |
| The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | |||||
| CVE-2022-26250 | 1 Synametrics | 1 Synaman | 2026-07-09 | 4.6 MEDIUM | 7.8 HIGH |
| Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. | |||||
| CVE-2022-26244 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2026-07-09 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field. | |||||
| CVE-2022-26197 | 1 Joget | 1 Joget Dx | 2026-07-09 | 3.5 LOW | 5.4 MEDIUM |
| Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. | |||||
| CVE-2022-26173 | 1 Jforum | 1 Jforum | 2026-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | |||||
| CVE-2022-25590 | 1 Surveyking | 1 Surveyking | 2026-07-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. | |||||
| CVE-2022-25585 | 1 Unioncms Project | 1 Unioncms | 2026-07-09 | 3.5 LOW | 5.4 MEDIUM |
| Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings. | |||||
| CVE-2022-25578 | 1 Taogogo | 1 Taocms | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | |||||
| CVE-2022-25574 | 1 Douco | 1 Douphp | 2026-07-09 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. | |||||
| CVE-2022-25523 | 1 Typesettercms | 1 Typesetter | 2026-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. | |||||
| CVE-2022-25521 | 1 Nuuo | 1 Network Video Recorder Firmware | 2026-07-09 | 10.0 HIGH | 9.8 CRITICAL |
| NUUO v03.11.00 was discovered to contain access control issue. | |||||
| CVE-2022-25480 | 1 Realtek | 2 Rtsper, Rtsuer | 2026-07-09 | N/A | 7.8 HIGH |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP. | |||||
| CVE-2022-25479 | 1 Realtek | 2 Rtsper, Rtsuer | 2026-07-09 | N/A | 5.5 MEDIUM |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap. | |||||
| CVE-2022-25478 | 1 Realtek | 2 Rtsper, Rtsuer | 2026-07-09 | N/A | 7.8 HIGH |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device. | |||||
| CVE-2022-25477 | 1 Realtek | 2 Rtsper, Rtsuer | 2026-07-09 | N/A | 5.5 MEDIUM |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR. | |||||
| CVE-2022-25146 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-07-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. | |||||
| CVE-2022-25090 | 1 Kofax | 1 Printix | 2026-07-09 | 9.3 HIGH | 8.1 HIGH |
| Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. | |||||
| CVE-2022-25089 | 1 Kofax | 1 Printix | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. | |||||
| CVE-2022-25064 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | |||||
