Total
364825 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28977 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2026-07-09 | N/A | 6.1 MEDIUM |
| HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. | |||||
| CVE-2022-28975 | 1 Infoblox | 1 Nios | 2026-07-09 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. | |||||
| CVE-2022-28945 | 1 Webbank | 1 Webcube | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | |||||
| CVE-2022-28944 | 2 Emcosoftware, Microsoft | 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more | 2026-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ΒΆΒΆ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. | |||||
| CVE-2022-28932 | 1 Dlink | 2 Dsl-g2452dg, Dsl-g2452dg Firmware | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. | |||||
| CVE-2022-28598 | 1 Frappe | 1 Erpnext | 2026-07-09 | N/A | 6.1 MEDIUM |
| Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. | |||||
| CVE-2022-28568 | 1 Simple Doctor\'s Appointment System Project | 1 Simple Doctor\'s Appointment System | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. | |||||
| CVE-2022-28397 | 1 Ghost | 1 Ghost | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional. | |||||
| CVE-2022-28118 | 1 Sscms | 1 Siteserver Cms | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | |||||
| CVE-2022-28102 | 1 Php Mysql Admin Panel Generator Project | 1 Php Mysql Admin Panel Generator | 2026-07-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. | |||||
| CVE-2022-28094 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2026-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. | |||||
| CVE-2022-28093 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-28078 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2026-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. | |||||
| CVE-2022-28077 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2026-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. | |||||
| CVE-2022-27985 | 1 Cuppacms | 1 Cuppacms | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | |||||
| CVE-2022-27984 | 1 Cuppacms | 1 Cuppacms | 2026-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | |||||
| CVE-2022-27979 | 1 Tooljet | 1 Tooljet | 2026-07-09 | N/A | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | |||||
| CVE-2022-27978 | 1 Tooljet | 1 Tooljet | 2026-07-09 | N/A | 7.5 HIGH |
| Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | |||||
| CVE-2022-27461 | 1 Nopcommerce | 1 Nopcommerce | 2026-07-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. | |||||
| CVE-2022-27438 | 29 3cx, Boom, Caphyon and 26 more | 99 Call Flow Designer, Crm Template Generator, Boomtv Streamer Portal and 96 more | 2026-07-09 | 5.1 MEDIUM | 8.1 HIGH |
| Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. | |||||
