Vulnerabilities (CVE)

Total 364825 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28977 1 Liferay 3 Digital Experience Platform, Dxp, Liferay Portal 2026-07-09 N/A 6.1 MEDIUM
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.
CVE-2022-28975 1 Infoblox 1 Nios 2026-07-09 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.
CVE-2022-28945 1 Webbank 1 Webcube 2026-07-09 7.5 HIGH 9.8 CRITICAL
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.
CVE-2022-28944 2 Emcosoftware, Microsoft 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more 2026-07-09 6.8 MEDIUM 8.8 HIGH
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ΒΆΒΆ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.
CVE-2022-28932 1 Dlink 2 Dsl-g2452dg, Dsl-g2452dg Firmware 2026-07-09 7.5 HIGH 9.8 CRITICAL
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
CVE-2022-28598 1 Frappe 1 Erpnext 2026-07-09 N/A 6.1 MEDIUM
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-28568 1 Simple Doctor\'s Appointment System Project 1 Simple Doctor\'s Appointment System 2026-07-09 7.5 HIGH 9.8 CRITICAL
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.
CVE-2022-28397 1 Ghost 1 Ghost 2026-07-09 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional.
CVE-2022-28118 1 Sscms 1 Siteserver Cms 2026-07-09 7.5 HIGH 9.8 CRITICAL
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
CVE-2022-28102 1 Php Mysql Admin Panel Generator Project 1 Php Mysql Admin Panel Generator 2026-07-09 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.
CVE-2022-28094 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php.
CVE-2022-28093 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2026-07-09 7.5 HIGH 9.8 CRITICAL
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28078 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.
CVE-2022-28077 1 Home Owners Collection Management System Project 1 Home Owners Collection Management System 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
CVE-2022-27985 1 Cuppacms 1 Cuppacms 2026-07-09 7.5 HIGH 9.8 CRITICAL
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
CVE-2022-27984 1 Cuppacms 1 Cuppacms 2026-07-09 7.5 HIGH 9.8 CRITICAL
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
CVE-2022-27979 1 Tooljet 1 Tooljet 2026-07-09 N/A 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.
CVE-2022-27978 1 Tooljet 1 Tooljet 2026-07-09 N/A 7.5 HIGH
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.
CVE-2022-27461 1 Nopcommerce 1 Nopcommerce 2026-07-09 5.8 MEDIUM 6.1 MEDIUM
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
CVE-2022-27438 29 3cx, Boom, Caphyon and 26 more 99 Call Flow Designer, Crm Template Generator, Boomtv Streamer Portal and 96 more 2026-07-09 5.1 MEDIUM 8.1 HIGH
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.