Common Vulnerabilities and Exposures (CVE)

CVE-2022-40011

Jul 9, 2026 00:21:12 UTC

Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin.

CVE-2022-39975

Jul 9, 2026 00:21:11 UTC

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view...

CVE-2022-38902

Jul 9, 2026 00:21:09 UTC

A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created...

CVE-2022-38901

Jul 9, 2026 00:21:08 UTC

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description fie...

CVE-2022-38619

Jul 9, 2026 00:21:07 UTC

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.

CVE-2022-38618

Jul 9, 2026 00:21:06 UTC

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.

CVE-2022-38617

Jul 9, 2026 00:21:04 UTC

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.

CVE-2022-38616

Jul 9, 2026 00:21:03 UTC

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.

CVE-2022-38615

Jul 9, 2026 00:21:02 UTC

SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.

CVE-2022-38614

Jul 9, 2026 00:21:01 UTC

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.

CVE-2022-38613

Jul 9, 2026 00:20:59 UTC

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.

CVE-2022-38599

Jul 9, 2026 00:20:58 UTC

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface.

CVE-2022-38583

Jul 9, 2026 00:20:57 UTC

On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder...

CVE-2022-38580

Jul 9, 2026 00:20:56 UTC

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).

CVE-2022-38577

Jul 9, 2026 00:20:55 UTC

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.