Vulnerabilities (CVE)

Total 365117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44897 1 Apollotheme 1 Ap Pagebuilder 2026-07-09 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.
CVE-2022-44303 1 Resque-scheduler Project 1 Resque-scheduler 2026-07-09 N/A 6.1 MEDIUM
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side.
CVE-2022-44291 1 Webtareas Project 1 Webtareas 2026-07-09 N/A 9.8 CRITICAL
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
CVE-2022-44290 1 Webtareas Project 1 Webtareas 2026-07-09 N/A 9.8 CRITICAL
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
CVE-2022-44194 1 Netgear 2 R7000p, R7000p Firmware 2026-07-09 N/A 9.8 CRITICAL
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.
CVE-2022-44089 1 Ecisp 1 Espcms 2026-07-09 N/A 9.8 CRITICAL
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.
CVE-2022-44088 1 Ecisp 1 Espcms 2026-07-09 N/A 9.8 CRITICAL
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.
CVE-2022-44087 1 Ecisp 1 Espcms 2026-07-09 N/A 9.8 CRITICAL
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.
CVE-2022-43340 1 Dzzoffice 1 Dzzoffice 2026-07-09 N/A 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.
CVE-2022-43321 1 Shopwind 1 Shopwind 2026-07-09 N/A 6.1 MEDIUM
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.
CVE-2022-43309 1 Supermicro 292 H11dsi, H11dsi-nt, H11dsi-nt Firmware and 289 more 2026-07-09 N/A 5.5 MEDIUM
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
CVE-2022-42993 1 Password Storage Application Project 1 Password Storage Application 2026-07-09 N/A 5.4 MEDIUM
Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.
CVE-2022-42992 1 Train Scheduler App Project 1 Train Scheduler App 2026-07-09 N/A 5.4 MEDIUM
Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.
CVE-2022-42991 1 Simple Online Public Access Catalog Project 1 Simple Online Public Access Catalog 2026-07-09 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.
CVE-2022-42989 1 Sankhya 1 Sankhya Om 2026-07-09 N/A 9.0 CRITICAL
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada.
CVE-2022-42248 1 Qlik 1 Qlikview 2026-07-09 N/A 5.4 MEDIUM
QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.
CVE-2022-42175 1 Soluslabs 1 Solusvm 2026-07-09 N/A 8.8 HIGH
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.
CVE-2022-42132 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-07-09 N/A 5.9 MEDIUM
The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.
CVE-2022-42131 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-07-09 N/A 4.8 MEDIUM
Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.
CVE-2022-42130 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-07-09 N/A 4.3 MEDIUM
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.