Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-28531 | SQL Injection vulnerability in Covid-19 Directory on Vaccination System Project Covid-19 Directory on Vaccination System 1.0 Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | 7.5 |
| 2022-05-20 | CVE-2022-28995 | Unspecified vulnerability in Rengine Project Rengine 1.0.2 Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | 7.5 |
| 2022-05-20 | CVE-2022-26632 | SQL Injection vulnerability in Multi-Vendor Online Groceries Management System Project Multi-Vendor Online Groceries Management System 1.0 Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | 7.5 |
| 2022-05-20 | CVE-2022-26633 | SQL Injection vulnerability in Simple Student Quarterly Result/Grade System Project Simple Student Quarterly Result/Grade System 1.0 Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. | 7.5 |
| 2022-05-20 | CVE-2022-27092 | Unquoted Search Path or Element vulnerability in Privateinternetaccess Private Internet Access 3.3 Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 7.2 |
| 2022-05-20 | CVE-2022-27094 | Unquoted Search Path or Element vulnerability in Sony Playmemories Home 6.0 Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 7.2 |
| 2022-05-20 | CVE-2022-27095 | Unquoted Search Path or Element vulnerability in Battleye 0.9 BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 7.2 |
| 2022-05-20 | CVE-2022-28105 | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | 7.5 |
| 2022-05-20 | CVE-2022-28106 | Improper Authentication vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. | 7.5 |
| 2022-05-20 | CVE-2022-29320 | Unquoted Search Path or Element vulnerability in Minitool Partition Wizard 12.0 MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 7.2 |