Search Results (45829 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29962 | 1 Emerson | 48 Deltav Distributed Control System Sq Controller, Deltav Distributed Control System Sq Controller Firmware, Deltav Distributed Control System Sx Controller and 45 more | 2024-11-21 | 5.5 Medium |
| The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials (but may often be disabled in production). This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350. | ||||
| CVE-2022-29960 | 1 Emerson | 1 Openbsi | 2024-11-21 | 5.5 Medium |
| Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities. | ||||
| CVE-2022-29953 | 1 Bakerhughes | 8 Bently Nevada 3701/40, Bently Nevada 3701/40 Firmware, Bently Nevada 3701/44 and 5 more | 2024-11-21 | 9.8 Critical |
| The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality. | ||||
| CVE-2022-29947 | 1 Woodpecker-ci | 1 Woodpecker | 2024-11-21 | 6.1 Medium |
| Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. | ||||
| CVE-2022-29940 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 5.4 Medium |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2022-29939 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 5.4 Medium |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2022-29929 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.7 Low |
| In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | ||||
| CVE-2022-29927 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.6 Medium |
| In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | ||||
| CVE-2022-29923 | 1 Thingsforrestaurants | 1 Quick Restaurant Reservations | 2024-11-21 | 5.9 Medium |
| Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS. This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. | ||||
| CVE-2022-29907 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. | ||||
| CVE-2022-29894 | 1 Strapi | 1 Strapi | 2024-11-21 | 4.8 Medium |
| Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. | ||||
| CVE-2022-29890 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 6.1 Medium |
| In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | ||||
| CVE-2022-29887 | 1 Intel | 1 Manageability Commander | 2024-11-21 | 8.1 High |
| Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-29856 | 1 Automationanywhere | 1 Automation 360 | 2024-11-21 | 7.5 High |
| A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. | ||||
| CVE-2022-29817 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 3.9 Low |
| In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | ||||
| CVE-2022-29816 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 2.8 Low |
| In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | ||||
| CVE-2022-29811 | 1 Jetbrains | 1 Hub | 2024-11-21 | 6.1 Medium |
| In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. | ||||
| CVE-2022-29778 | 2 D-link, Dlink | 3 Dir-890l Firmware, Dir-890l, Dir-890l Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | ||||
| CVE-2022-29770 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 5.4 Medium |
| XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | ||||
| CVE-2022-29734 | 1 Ict | 2 Protege Gx, Protege Wx | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | ||||