Search Results (46588 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31655 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 5.4 Medium |
| VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts. | ||||
| CVE-2022-31654 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 5.4 Medium |
| VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations. | ||||
| CVE-2022-31648 | 1 Talend | 1 Administration Center | 2024-11-21 | 6.1 Medium |
| Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | ||||
| CVE-2022-31619 | 1 Siemens | 1 Teamcenter | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | ||||
| CVE-2022-31498 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.1 Medium |
| LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. | ||||
| CVE-2022-31497 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.1 Medium |
| LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. | ||||
| CVE-2022-31495 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.1 Medium |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | ||||
| CVE-2022-31494 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.1 Medium |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. | ||||
| CVE-2022-31493 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.1 Medium |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. | ||||
| CVE-2022-31492 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. | ||||
| CVE-2022-31470 | 1 Axigen | 1 Axigen Mobile Webmail | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. | ||||
| CVE-2022-31462 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 9.3 Critical |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | ||||
| CVE-2022-31460 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 7.4 High |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. | ||||
| CVE-2022-31456 | 1 Truedesk | 1 Truedesk | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter. | ||||
| CVE-2022-31455 | 1 Truedesk | 1 Truedesk | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. | ||||
| CVE-2022-31454 | 1 Yiiframework | 1 Yii | 2024-11-21 | 6.1 Medium |
| Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2. | ||||
| CVE-2022-31403 | 1 Combodo | 1 Itop | 2024-11-21 | 6.1 Medium |
| ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. | ||||
| CVE-2022-31402 | 1 Combodo | 1 Itop | 2024-11-21 | 6.1 Medium |
| ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. | ||||
| CVE-2022-31400 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | ||||
| CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | ||||