Total
365117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44897 | 1 Apollotheme | 1 Ap Pagebuilder | 2026-07-09 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. | |||||
| CVE-2022-44303 | 1 Resque-scheduler Project | 1 Resque-scheduler | 2026-07-09 | N/A | 6.1 MEDIUM |
| Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side. | |||||
| CVE-2022-44291 | 1 Webtareas Project | 1 Webtareas | 2026-07-09 | N/A | 9.8 CRITICAL |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | |||||
| CVE-2022-44290 | 1 Webtareas Project | 1 Webtareas | 2026-07-09 | N/A | 9.8 CRITICAL |
| webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | |||||
| CVE-2022-44194 | 1 Netgear | 2 R7000p, R7000p Firmware | 2026-07-09 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. | |||||
| CVE-2022-44089 | 1 Ecisp | 1 Espcms | 2026-07-09 | N/A | 9.8 CRITICAL |
| ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. | |||||
| CVE-2022-44088 | 1 Ecisp | 1 Espcms | 2026-07-09 | N/A | 9.8 CRITICAL |
| ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. | |||||
| CVE-2022-44087 | 1 Ecisp | 1 Espcms | 2026-07-09 | N/A | 9.8 CRITICAL |
| ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. | |||||
| CVE-2022-43340 | 1 Dzzoffice | 1 Dzzoffice | 2026-07-09 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | |||||
| CVE-2022-43321 | 1 Shopwind | 1 Shopwind | 2026-07-09 | N/A | 6.1 MEDIUM |
| Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. | |||||
| CVE-2022-43309 | 1 Supermicro | 292 H11dsi, H11dsi-nt, H11dsi-nt Firmware and 289 more | 2026-07-09 | N/A | 5.5 MEDIUM |
| Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | |||||
| CVE-2022-42993 | 1 Password Storage Application Project | 1 Password Storage Application | 2026-07-09 | N/A | 5.4 MEDIUM |
| Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. | |||||
| CVE-2022-42992 | 1 Train Scheduler App Project | 1 Train Scheduler App | 2026-07-09 | N/A | 5.4 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. | |||||
| CVE-2022-42991 | 1 Simple Online Public Access Catalog Project | 1 Simple Online Public Access Catalog | 2026-07-09 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field. | |||||
| CVE-2022-42989 | 1 Sankhya | 1 Sankhya Om | 2026-07-09 | N/A | 9.0 CRITICAL |
| ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. | |||||
| CVE-2022-42248 | 1 Qlik | 1 Qlikview | 2026-07-09 | N/A | 5.4 MEDIUM |
| QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. | |||||
| CVE-2022-42175 | 1 Soluslabs | 1 Solusvm | 2026-07-09 | N/A | 8.8 HIGH |
| Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. | |||||
| CVE-2022-42132 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-07-09 | N/A | 5.9 MEDIUM |
| The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. | |||||
| CVE-2022-42131 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-07-09 | N/A | 4.8 MEDIUM |
| Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. | |||||
| CVE-2022-42130 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-07-09 | N/A | 4.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries. | |||||
