Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-28531 SQL Injection vulnerability in Covid-19 Directory on Vaccination System Project Covid-19 Directory on Vaccination System 1.0
Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field.
7.5
2022-05-20 CVE-2022-28995 Unspecified vulnerability in Rengine Project Rengine 1.0.2
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
network
low complexity
rengine-project
7.5
2022-05-20 CVE-2022-26632 SQL Injection vulnerability in Multi-Vendor Online Groceries Management System Project Multi-Vendor Online Groceries Management System 1.0
Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.
7.5
2022-05-20 CVE-2022-26633 SQL Injection vulnerability in Simple Student Quarterly Result/Grade System Project Simple Student Quarterly Result/Grade System 1.0
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.
7.5
2022-05-20 CVE-2022-27092 Unquoted Search Path or Element vulnerability in Privateinternetaccess Private Internet Access 3.3
Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
local
low complexity
privateinternetaccess CWE-428
7.2
2022-05-20 CVE-2022-27094 Unquoted Search Path or Element vulnerability in Sony Playmemories Home 6.0
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
local
low complexity
sony CWE-428
7.2
2022-05-20 CVE-2022-27095 Unquoted Search Path or Element vulnerability in Battleye 0.9
BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
local
low complexity
battleye CWE-428
7.2
2022-05-20 CVE-2022-28105 SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php.
7.5
2022-05-20 CVE-2022-28106 Improper Authentication vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0
Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request.
7.5
2022-05-20 CVE-2022-29320 Unquoted Search Path or Element vulnerability in Minitool Partition Wizard 12.0
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
local
low complexity
minitool CWE-428
7.2