Weekly Vulnerabilities Reports > May 9 to 15, 2022
Overview
510 new vulnerabilities reported during this period, including 138 critical vulnerabilities and 186 high severity vulnerabilities. This weekly summary report vulnerabilities in 1785 products from 177 vendors including Intel, AMD, Google, Inhandnetworks, and Totolink. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Out-of-bounds Write", "OS Command Injection", and "Improper Input Validation".
- 366 reported vulnerabilities are remotely exploitables.
- 10 reported vulnerabilities have public exploit available.
- 185 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 291 reported vulnerabilities are exploitable by an anonymous user.
- Intel has the most reported vulnerabilities, with 37 reported vulnerabilities.
- Totolink has the most reported critical vulnerabilities, with 18 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
138 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-10 | CVE-2021-42645 | Cmsimple XH | Unrestricted Upload of File with Dangerous Type vulnerability in Cmsimple-Xh Cmsimple XH 1.7.4 CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. | 10.0 |
2022-05-15 | CVE-2022-28930 | ERP PRO Project | SQL Injection vulnerability in Erp-Pro Project Erp-Pro 3.7.5 ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.. | 9.8 |
2022-05-15 | CVE-2022-28929 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | 9.8 |
2022-05-14 | CVE-2022-24831 | Openclinica | SQL Injection vulnerability in Openclinica 3.14 OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). | 9.8 |
2022-05-14 | CVE-2022-24830 | Openclinica | Path Traversal vulnerability in Openclinica 3.14/3.16/3.16.1 OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). | 9.8 |
2022-05-13 | CVE-2022-21190 | Mozilla | Unspecified vulnerability in Mozilla Convict This affects the package convict before 6.2.3. | 9.8 |
2022-05-13 | CVE-2022-22282 | Sonicwall | Unspecified vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | 9.8 |
2022-05-13 | CVE-2022-25865 | Microsoft | Argument Injection or Modification vulnerability in Microsoft Workspace-Tools The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. | 9.8 |
2022-05-13 | CVE-2022-1715 | Facturascripts | Unspecified vulnerability in Facturascripts Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. | 9.8 |
2022-05-13 | CVE-2021-46786 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Emui, Harmonyos and Magic UI The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access. | 9.8 |
2022-05-13 | CVE-2022-29794 | Huawei | Use After Free vulnerability in Huawei Emui and Harmonyos The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. | 9.8 |
2022-05-13 | CVE-2022-30384 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | 9.8 |
2022-05-13 | CVE-2022-30385 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | 9.8 |
2022-05-13 | CVE-2022-30386 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | 9.8 |
2022-05-13 | CVE-2022-30387 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | 9.8 |
2022-05-13 | CVE-2022-30391 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | 9.8 |
2022-05-13 | CVE-2022-30392 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | 9.8 |
2022-05-13 | CVE-2022-30395 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. | 9.8 |
2022-05-13 | CVE-2022-30407 | Pharmacy Sales AND Inventory System Project | SQL Injection vulnerability in Pharmacy Sales and Inventory System Project Pharmacy Sales and Inventory System 1.0 Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. | 9.8 |
2022-05-13 | CVE-2022-30413 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. | 9.8 |
2022-05-13 | CVE-2022-29383 | Netgear | SQL Injection vulnerability in Netgear Ssl312 Firmware Fvs336Gv2/Fvs336Gv3 NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | 9.8 |
2022-05-13 | CVE-2022-30370 | AIR Cargo Management System Project | SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0 Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. | 9.8 |
2022-05-13 | CVE-2021-42967 | Xxyopen | Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. | 9.8 |
2022-05-12 | CVE-2022-22796 | Sysaid | Improper Authentication vulnerability in Sysaid Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication. | 9.8 |
2022-05-12 | CVE-2022-23166 | Sysaid | Path Traversal vulnerability in Sysaid Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. | 9.8 |
2022-05-12 | CVE-2022-29363 | Phpok | Deserialization of Untrusted Data vulnerability in PHPok 6.1 Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. | 9.8 |
2022-05-12 | CVE-2022-22413 | IBM | SQL Injection vulnerability in IBM Robotic Process Automation 21.0.0/21.0.1/21.0.2 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. | 9.8 |
2022-05-12 | CVE-2022-29303 | Contec | OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00 SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. | 9.8 |
2022-05-12 | CVE-2022-29306 | Ionizecms | SQL Injection vulnerability in Ionizecms Ionize 1.0.8.1 IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. | 9.8 |
2022-05-12 | CVE-2022-29307 | Ionizecms | Code Injection vulnerability in Ionizecms Ionize 1.0.8.1 IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. | 9.8 |
2022-05-12 | CVE-2022-29738 | Money Transfer Management System Project | SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. | 9.8 |
2022-05-12 | CVE-2022-29739 | Money Transfer Management System Project | SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. | 9.8 |
2022-05-12 | CVE-2022-29741 | Money Transfer Management System Project | SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0 Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. | 9.8 |
2022-05-12 | CVE-2022-29745 | Money Transfer Management System Project | SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0 Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. | 9.8 |
2022-05-12 | CVE-2022-29746 | Money Transfer Management System Project | SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. | 9.8 |
2022-05-12 | CVE-2022-29998 | Insurance Management System Project | SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0 Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=. | 9.8 |
2022-05-12 | CVE-2022-29999 | Insurance Management System Project | SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0 Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=. | 9.8 |
2022-05-12 | CVE-2022-30000 | Insurance Management System Project | SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0 Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=. | 9.8 |
2022-05-12 | CVE-2022-30001 | Insurance Management System Project | SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0 Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=. | 9.8 |
2022-05-12 | CVE-2022-29539 | Resi | OS Command Injection vulnerability in Resi Gemini-Net 4.2 resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. | 9.8 |
2022-05-12 | CVE-2022-29747 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | 9.8 |
2022-05-12 | CVE-2022-29748 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. | 9.8 |
2022-05-12 | CVE-2022-29749 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | 9.8 |
2022-05-12 | CVE-2022-29750 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | 9.8 |
2022-05-12 | CVE-2022-29751 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. | 9.8 |
2022-05-12 | CVE-2022-29979 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. | 9.8 |
2022-05-12 | CVE-2022-29980 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=. | 9.8 |
2022-05-12 | CVE-2022-29981 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. | 9.8 |
2022-05-12 | CVE-2022-29982 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. | 9.8 |
2022-05-12 | CVE-2022-29983 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=. | 9.8 |
2022-05-12 | CVE-2022-29984 | Simple Client Management System Project | SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. | 9.8 |
2022-05-12 | CVE-2022-29985 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category. | 9.8 |
2022-05-12 | CVE-2022-29986 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. | 9.8 |
2022-05-12 | CVE-2022-29987 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=. | 9.8 |
2022-05-12 | CVE-2022-29988 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete. | 9.8 |
2022-05-12 | CVE-2022-29989 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking. | 9.8 |
2022-05-12 | CVE-2022-29990 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=. | 9.8 |
2022-05-12 | CVE-2022-29992 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=. | 9.8 |
2022-05-12 | CVE-2022-29993 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=. | 9.8 |
2022-05-12 | CVE-2022-29994 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=. | 9.8 |
2022-05-12 | CVE-2022-29995 | Online Sports Complex Booking System Project | SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0 Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=. | 9.8 |
2022-05-12 | CVE-2022-30525 | Zyxel | OS Command Injection vulnerability in Zyxel products A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | 9.8 |
2022-05-12 | CVE-2021-42863 | Jerryscript | Classic Buffer Overflow vulnerability in Jerryscript A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. | 9.8 |
2022-05-11 | CVE-2022-30592 | Litespeedtech | NULL Pointer Dereference vulnerability in Litespeedtech Lsquic liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | 9.8 |
2022-05-11 | CVE-2022-29596 | Microstrategy | Path Traversal vulnerability in Microstrategy Enterprise Manager 2022 MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal. | 9.8 |
2022-05-11 | CVE-2022-30063 | Ftcms | Unspecified vulnerability in Ftcms 2.1 ftcms <=2.1 was discovered to be vulnerable to code execution attacks . | 9.8 |
2022-05-11 | CVE-2022-30448 | Hospital Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. | 9.8 |
2022-05-11 | CVE-2022-30449 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. | 9.8 |
2022-05-11 | CVE-2022-30450 | Waimairencms Project | Unspecified vulnerability in Waimairencms Project Waimairencms 9.1 A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php | 9.8 |
2022-05-11 | CVE-2021-33315 | Trendnet | Improper Input Validation vulnerability in Trendnet products The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. | 9.8 |
2022-05-11 | CVE-2021-33316 | Trendnet | Improper Input Validation vulnerability in Trendnet products The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. | 9.8 |
2022-05-11 | CVE-2021-34085 | Glensawyer | Out-of-bounds Read vulnerability in Glensawyer Mp3Gain Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. | 9.8 |
2022-05-11 | CVE-2022-30047 | Mingsoft | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. | 9.8 |
2022-05-11 | CVE-2022-30048 | Mingsoft | SQL Injection vulnerability in Mingsoft Mcms 5.2.7 Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. | 9.8 |
2022-05-11 | CVE-2022-30453 | Shopwind | Unspecified vulnerability in Shopwind ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | 9.8 |
2022-05-11 | CVE-2021-38969 | IBM | Use of Hard-coded Credentials vulnerability in IBM Spectrum Virtualize 8.2.0.0/8.3.0.0/8.4.0.0 IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. | 9.8 |
2022-05-11 | CVE-2022-29006 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Directory Management System 1.0 Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. | 9.8 |
2022-05-11 | CVE-2022-29007 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Dairy Farm Shop Management System 1.0 Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication. | 9.8 |
2022-05-11 | CVE-2022-29009 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Cyber Cafe Management System 1.0 Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. | 9.8 |
2022-05-11 | CVE-2022-29316 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. | 9.8 |
2022-05-11 | CVE-2022-29317 | Simple BUS Ticket Booking System Project | SQL Injection vulnerability in Simple BUS Ticket Booking System Project Simple BUS Ticket Booking System 1.0 Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. | 9.8 |
2022-05-11 | CVE-2022-29656 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | 9.8 |
2022-05-10 | CVE-2022-20120 | Unspecified vulnerability in Google Android Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A | 9.8 | |
2022-05-10 | CVE-2022-29391 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | 9.8 |
2022-05-10 | CVE-2022-29392 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | 9.8 |
2022-05-10 | CVE-2022-29393 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. | 9.8 |
2022-05-10 | CVE-2022-29394 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. | 9.8 |
2022-05-10 | CVE-2022-29395 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. | 9.8 |
2022-05-10 | CVE-2022-29396 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. | 9.8 |
2022-05-10 | CVE-2022-29397 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. | 9.8 |
2022-05-10 | CVE-2022-29398 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. | 9.8 |
2022-05-10 | CVE-2022-29399 | Totolink | Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. | 9.8 |
2022-05-10 | CVE-2022-0947 | ABB | Improper Initialization vulnerability in ABB products A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration. | 9.8 |
2022-05-10 | CVE-2022-23676 | Arubanetworks | Out-of-bounds Write vulnerability in Arubanetworks products A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. | 9.8 |
2022-05-10 | CVE-2022-28895 | Dlink | OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06 A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
2022-05-10 | CVE-2022-28896 | Dlink | OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06 A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
2022-05-10 | CVE-2022-28901 | Dlink | OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06 A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | 9.8 |
2022-05-10 | CVE-2022-28905 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | 9.8 |
2022-05-10 | CVE-2022-28906 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. | 9.8 |
2022-05-10 | CVE-2022-28907 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. | 9.8 |
2022-05-10 | CVE-2022-28908 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | 9.8 |
2022-05-10 | CVE-2022-28909 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. | 9.8 |
2022-05-10 | CVE-2022-28910 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. | 9.8 |
2022-05-10 | CVE-2022-28911 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | 9.8 |
2022-05-10 | CVE-2022-28912 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. | 9.8 |
2022-05-10 | CVE-2022-28913 | Totolink | OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425 TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | 9.8 |
2022-05-10 | CVE-2022-28915 | Dlink | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | 9.8 |
2022-05-10 | CVE-2022-29321 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | 9.8 |
2022-05-10 | CVE-2022-29322 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | 9.8 |
2022-05-10 | CVE-2022-29323 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | 9.8 |
2022-05-10 | CVE-2022-29324 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | 9.8 |
2022-05-10 | CVE-2022-29325 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | 9.8 |
2022-05-10 | CVE-2022-29326 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | 9.8 |
2022-05-10 | CVE-2022-29327 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | 9.8 |
2022-05-10 | CVE-2022-29328 | Dlink | Out-of-bounds Write vulnerability in Dlink Dap-1330 Firmware 1.00.B21 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | 9.8 |
2022-05-10 | CVE-2022-29329 | Dlink | Out-of-bounds Write vulnerability in Dlink Dap-1330 Firmware 1.00.B21 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | 9.8 |
2022-05-10 | CVE-2021-43094 | Openmrs | SQL Injection vulnerability in Openmrs An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | 9.8 |
2022-05-10 | CVE-2022-28110 | Hotel Management System Project | SQL Injection vulnerability in Hotel Management System Project Hotel Management System 1.0 Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | 9.8 |
2022-05-10 | CVE-2022-29591 | Tenda | Classic Buffer Overflow vulnerability in Tenda TX9 PRO Firmware 22.03.02.10 Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow. | 9.8 |
2022-05-09 | CVE-2022-30335 | Wealth | SQL Injection vulnerability in Wealth Bonanza Wealth Management System 7.3.2 Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. | 9.8 |
2022-05-09 | CVE-2022-27412 | Exploreit | SQL Injection vulnerability in Exploreit Explore CMS 1.0 Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | 9.8 |
2022-05-09 | CVE-2022-28738 | Ruby Lang | Double Free vulnerability in Ruby-Lang Ruby A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. | 9.8 |
2022-05-09 | CVE-2022-0592 | Mapsvg | Unspecified vulnerability in Mapsvg The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. | 9.8 |
2022-05-09 | CVE-2022-0814 | Ubigeo DE Peru Para Woocommerce Project | SQL Injection vulnerability in Ubigeo DE Peru Para Woocommerce Project Ubigeo DE Peru Para Woocommerce The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections | 9.8 |
2022-05-09 | CVE-2022-0817 | Badgeos | Unspecified vulnerability in Badgeos The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | 9.8 |
2022-05-09 | CVE-2022-0826 | WP Video Gallery Free Project | Unspecified vulnerability in Wp-Video-Gallery-Free Project Wp-Video-Gallery-Free The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | 9.8 |
2022-05-09 | CVE-2022-0836 | Semadatacoop | Unspecified vulnerability in Semadatacoop Sema API The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users | 9.8 |
2022-05-09 | CVE-2022-0948 | Pluginbazaar | Unspecified vulnerability in Pluginbazaar Order Listener for Woocommerce The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection | 9.8 |
2022-05-09 | CVE-2022-1013 | AYS PRO | Unspecified vulnerability in Ays-Pro Personal Dictionary The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | 9.8 |
2022-05-12 | CVE-2022-1650 | Eventsource Debian | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | 9.3 |
2022-05-14 | CVE-2022-1379 | Plantuml Fedoraproject | Server-Side Request Forgery (SSRF) vulnerability in multiple products URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. | 9.1 |
2022-05-13 | CVE-2022-22260 | Huawei | Use After Free vulnerability in Huawei Emui and Harmonyos The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability. | 9.1 |
2022-05-13 | CVE-2022-25591 | Blogengine | Path Traversal vulnerability in Blogengine Blogengine.Net 3.3.8.0 BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request. | 9.1 |
2022-05-11 | CVE-2021-42646 | Wso2 | XXE vulnerability in Wso2 products XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. | 9.1 |
2022-05-10 | CVE-2022-22774 | Tibco | XXE vulnerability in Tibco products The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. | 9.1 |
2022-05-10 | CVE-2021-42581 | Ramdajs | Unspecified vulnerability in Ramdajs Ramda Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. | 9.1 |
2022-05-10 | CVE-2022-24042 | Siemens | Insufficient Session Expiration vulnerability in Siemens products A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). | 9.1 |
2022-05-10 | CVE-2022-24039 | Siemens | Unspecified vulnerability in Siemens Desigo Pxc4 Firmware and Desigo Pxc5 Firmware A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). | 9.0 |
186 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-15 | CVE-2021-41965 | Churchcrm | SQL Injection vulnerability in Churchcrm A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | 8.8 |
2022-05-15 | CVE-2022-30708 | Webmin | Unspecified vulnerability in Webmin Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). | 8.8 |
2022-05-13 | CVE-2021-42969 | Anaconda | OS Command Injection vulnerability in Anaconda Anaconda3 2021.05 Certain Anaconda3 2021.05 are affected by OS command injection. | 8.8 |
2022-05-12 | CVE-2021-27770 | Hcltech | Unspecified vulnerability in Hcltech Sametime 11.6 The vulnerability was discovered within the “FaviconService”. | 8.8 |
2022-05-12 | CVE-2022-22798 | Sysaid | Unspecified vulnerability in Sysaid 21.1.30/21.4.45 Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. | 8.8 |
2022-05-12 | CVE-2022-23139 | ZTE | Incorrect Authorization vulnerability in ZTE Zxmp M721 Firmware 5.10.030.006 ZTE's ZXMP M721 product has a permission and access control vulnerability. | 8.8 |
2022-05-12 | CVE-2022-21182 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.4 A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. | 8.8 |
2022-05-12 | CVE-2022-25995 | Inhandnetworks | Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.4 A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. | 8.8 |
2022-05-12 | CVE-2022-26042 | Inhandnetworks | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. | 8.8 |
2022-05-12 | CVE-2022-26075 | Inhandnetworks | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. | 8.8 |
2022-05-12 | CVE-2022-26085 | Inhandnetworks | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. | 8.8 |
2022-05-12 | CVE-2022-26420 | Inhandnetworks | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. | 8.8 |
2022-05-12 | CVE-2022-26518 | Inhandnetworks | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. | 8.8 |
2022-05-12 | CVE-2022-26780 | Inhandnetworks | Improper Input Validation vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4 Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. | 8.8 |
2022-05-12 | CVE-2022-26781 | Inhandnetworks | Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4 Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. | 8.8 |
2022-05-12 | CVE-2022-26782 | Inhandnetworks | Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4 Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. | 8.8 |
2022-05-12 | CVE-2022-27172 | Inhandnetworks | Use of Hard-coded Credentials vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4 A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. | 8.8 |
2022-05-12 | CVE-2022-28872 | F Secure | Unspecified vulnerability in F-Secure Safe A vulnerability affecting F-Secure SAFE browser was discovered. | 8.8 |
2022-05-11 | CVE-2022-30451 | Waimairencms Project | SQL Injection vulnerability in Waimairencms Project Waimairencms 9.1 An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. | 8.8 |
2022-05-11 | CVE-2022-30060 | Ftcms | Unspecified vulnerability in Ftcms 2.1 ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php | 8.8 |
2022-05-11 | CVE-2021-42651 | Pentest Collaboration Framework Project | Code Injection vulnerability in Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8 A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/. | 8.8 |
2022-05-11 | CVE-2022-29611 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
2022-05-11 | CVE-2022-26116 | Fortinet | SQL Injection vulnerability in Fortinet Fortinac Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters. | 8.8 |
2022-05-10 | CVE-2022-26927 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Remote Code Execution Vulnerability | 8.8 |
2022-05-10 | CVE-2022-1463 | Booking Calendar Project | Unspecified vulnerability in Booking Calendar Project Booking Calendar The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. | 8.8 |
2022-05-10 | CVE-2022-1397 | Easyappointments | Improper Privilege Management vulnerability in Easyappointments API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 8.8 |
2022-05-09 | CVE-2022-29933 | Craftcms | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. | 8.8 |
2022-05-09 | CVE-2022-1631 | Microweber | Incorrect Authorization vulnerability in Microweber Users Account Pre-Takeover or Users Account Takeover. | 8.8 |
2022-05-09 | CVE-2022-23332 | Ejointech | Code Injection vulnerability in Ejointech products Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. | 8.8 |
2022-05-13 | CVE-2021-22275 | BR Automation | Classic Buffer Overflow vulnerability in Br-Automation Automation Runtime Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. | 8.6 |
2022-05-13 | CVE-2022-25762 | Apache Oracle | Improper Resource Shutdown or Release vulnerability in multiple products If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. | 8.6 |
2022-05-13 | CVE-2020-22983 | Microstrategy | Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. | 8.1 |
2022-05-12 | CVE-2022-21809 | Inhandnetworks | Unrestricted Upload of File with Dangerous Type vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.37/3.5.4 A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. | 8.1 |
2022-05-10 | CVE-2022-23677 | Arubanetworks | Out-of-bounds Write vulnerability in Arubanetworks products A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. | 8.1 |
2022-05-12 | CVE-2021-0126 | Intel | Improper Input Validation vulnerability in Intel Manageability Commander Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | 8.0 |
2022-05-13 | CVE-2022-22281 | Sonicwall | Classic Buffer Overflow vulnerability in Sonicwall Netextender A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | 7.8 |
2022-05-13 | CVE-2022-28826 | Adobe | Out-of-bounds Write vulnerability in Adobe Framemaker Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-05-12 | CVE-2022-23742 | Checkpoint | Link Following vulnerability in Checkpoint Endpoint Security Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. | 7.8 |
2022-05-12 | CVE-2021-26317 | AMD | Unspecified vulnerability in AMD products Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | 7.8 |
2022-05-12 | CVE-2021-26386 | AMD | Out-of-bounds Write vulnerability in AMD products A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. | 7.8 |
2022-05-12 | CVE-2021-26369 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. | 7.8 |
2022-05-12 | CVE-2021-0153 | Intel | Out-of-bounds Write vulnerability in Intel products Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-0154 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-0159 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-0188 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-0189 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-0190 | Intel | Improper Handling of Exceptional Conditions vulnerability in Intel products Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-26258 | Intel | Unspecified vulnerability in Intel Killer Control Center Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-33122 | Intel | Unspecified vulnerability in Intel products Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-33123 | Intel | Unspecified vulnerability in Intel products Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2021-40399 | WPS | Use After Free vulnerability in WPS Office 11.2.0.10351 An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. | 7.8 |
2022-05-12 | CVE-2022-21128 | Intel | Unspecified vulnerability in Intel Advisor Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-05-12 | CVE-2022-30594 | Linux Debian Netapp | Missing Authorization vulnerability in multiple products The Linux kernel before 5.17.2 mishandles seccomp permissions. | 7.8 |
2022-05-11 | CVE-2022-24102 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-05-11 | CVE-2022-27794 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of embedded fonts, potentially resulting in arbitrary code execution in the context of the current user. | 7.8 |
2022-05-11 | CVE-2022-28236 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-05-11 | CVE-2021-43066 | Fortinet | Exposure of Resource to Wrong Sphere vulnerability in Fortinet Forticlient A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer. | 7.8 |
2022-05-11 | CVE-2022-23743 | Checkpoint | Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. | 7.8 |
2022-05-11 | CVE-2021-37851 | Eset | Improper Handling of Exceptional Conditions vulnerability in Eset products Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. | 7.8 |
2022-05-11 | CVE-2022-28214 | SAP | Unspecified vulnerability in SAP products During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. | 7.8 |
2022-05-10 | CVE-2021-39738 | Missing Authorization vulnerability in Google Android In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. | 7.8 | |
2022-05-10 | CVE-2022-29105 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Media Foundation Remote Code Execution Vulnerability | 7.8 |
2022-05-10 | CVE-2022-29148 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2017 Visual Studio Remote Code Execution Vulnerability | 7.8 |
2022-05-10 | CVE-2022-20004 | Missing Authorization vulnerability in Google Android In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. | 7.8 | |
2022-05-10 | CVE-2022-20005 | Unspecified vulnerability in Google Android In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . | 7.8 | |
2022-05-10 | CVE-2022-20113 | Unspecified vulnerability in Google Android 12.0/12.1 In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. | 7.8 | |
2022-05-10 | CVE-2022-20114 | Improper Privilege Management vulnerability in Google Android In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. | 7.8 | |
2022-05-10 | CVE-2022-20116 | Unspecified vulnerability in Google Android 12.0/12.1 In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. | 7.8 | |
2022-05-10 | CVE-2021-26324 | AMD | Unspecified vulnerability in AMD products A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. | 7.8 |
2022-05-10 | CVE-2021-26353 | AMD | Improper Initialization vulnerability in AMD products Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. | 7.8 |
2022-05-10 | CVE-2021-46771 | AMD | Unspecified vulnerability in AMD products Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. | 7.8 |
2022-05-10 | CVE-2022-22454 | IBM | OS Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7 IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.8 |
2022-05-10 | CVE-2022-26987 | TP Link Mercusys Fastcom | Out-of-bounds Write vulnerability in multiple products TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. | 7.8 |
2022-05-10 | CVE-2022-26988 | TP Link Mercusys Fastcom | Out-of-bounds Write vulnerability in multiple products TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. | 7.8 |
2022-05-10 | CVE-2022-1621 | VIM Debian Fedoraproject Apple | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. | 7.8 |
2022-05-10 | CVE-2022-1629 | VIM Fedoraproject Apple | Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. | 7.8 |
2022-05-09 | CVE-2022-29971 | Insightsoftware | Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Athena Odbc Driver An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code. | 7.8 |
2022-05-09 | CVE-2022-29972 | Insightsoftware | Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Redshift Odbc Driver An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code. | 7.8 |
2022-05-09 | CVE-2022-30239 | Insightsoftware | Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Athena Jdbc Driver An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. | 7.8 |
2022-05-09 | CVE-2022-30240 | Insightsoftware | Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Redshift Jdbc Driver An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. | 7.8 |
2022-05-09 | CVE-2022-30524 | Xpdfreader | Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.0.4 There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. | 7.8 |
2022-05-12 | CVE-2021-27771 | Hcltech | Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Sametime 11.6 User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. | 7.6 |
2022-05-15 | CVE-2022-30049 | Ruifang Tech | Server-Side Request Forgery (SSRF) vulnerability in Ruifang-Tech Rebuild 2.8.3 A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. | 7.5 |
2022-05-15 | CVE-2022-28936 | Fisco Bcos | Integer Overflow or Wraparound vulnerability in Fisco-Bcos 3.0.0 FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet. | 7.5 |
2022-05-15 | CVE-2022-28937 | Fisco Bcos | Integer Overflow or Wraparound vulnerability in Fisco-Bcos 3.0.0 FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests. | 7.5 |
2022-05-13 | CVE-2022-1701 | Sonicwall | Use of Hard-coded Credentials vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | 7.5 |
2022-05-13 | CVE-2022-25862 | SDS Project | Unspecified vulnerability in SDS Project SDS This affects the package sds from 0.0.0. | 7.5 |
2022-05-13 | CVE-2021-27505 | Myscada | Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0 mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. | 7.5 |
2022-05-13 | CVE-2021-33005 | Myscada | Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0 mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | 7.5 |
2022-05-13 | CVE-2021-33009 | Myscada | Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0 mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. | 7.5 |
2022-05-13 | CVE-2021-33013 | Myscada | Missing Authorization vulnerability in Myscada Mypro 7/7.0.26/8.20.0 mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. | 7.5 |
2022-05-13 | CVE-2022-22252 | Huawei | Use After Free vulnerability in Huawei Emui, Harmonyos and Magic UI The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability. | 7.5 |
2022-05-13 | CVE-2021-46787 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash. | 7.5 |
2022-05-13 | CVE-2021-46788 | Huawei | Unspecified vulnerability in Huawei Emui and Magic UI Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. | 7.5 |
2022-05-13 | CVE-2021-46789 | Huawei | Unspecified vulnerability in Huawei Emui and Magic UI Configuration defects in the secure OS module. | 7.5 |
2022-05-13 | CVE-2022-22261 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | 7.5 |
2022-05-13 | CVE-2022-29789 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. | 7.5 |
2022-05-13 | CVE-2022-29790 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. | 7.5 |
2022-05-13 | CVE-2022-29791 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | 7.5 |
2022-05-13 | CVE-2022-29792 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 |
2022-05-13 | CVE-2022-29793 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability. | 7.5 |
2022-05-13 | CVE-2022-29795 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The frame scheduling module has a null pointer dereference vulnerability. | 7.5 |
2022-05-13 | CVE-2022-29796 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. | 7.5 |
2022-05-13 | CVE-2022-27134 | B1 | Incorrect Authorization vulnerability in B1 Eosio Batdappboomx 327C04Cf EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter. | 7.5 |
2022-05-13 | CVE-2022-29218 | Rubygems | Unspecified vulnerability in Rubygems Rubygems.Org RubyGems is a package registry used to supply software for the Ruby language ecosystem. | 7.5 |
2022-05-12 | CVE-2021-27777 | Hcltech | XXE vulnerability in Hcltech Unica XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. | 7.5 |
2022-05-12 | CVE-2021-27478 | Opener Project | Incorrect Conversion between Numeric Types vulnerability in Opener Project Opener A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition. | 7.5 |
2022-05-12 | CVE-2021-27482 | Opener Project | Unspecified vulnerability in Opener Project Opener A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data. | 7.5 |
2022-05-12 | CVE-2021-27498 | Opener Project | Unspecified vulnerability in Opener Project Opener A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | 7.5 |
2022-05-12 | CVE-2021-27500 | Opener Project | Unspecified vulnerability in Opener Project Opener A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition. | 7.5 |
2022-05-12 | CVE-2022-29369 | F5 | Improper Check for Unusual or Exceptional Conditions vulnerability in F5 NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. | 7.5 |
2022-05-12 | CVE-2022-1698 | Organizr | Integer Underflow (Wrap or Wraparound) vulnerability in Organizr Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. | 7.5 |
2022-05-12 | CVE-2022-1699 | Organizr | Resource Exhaustion vulnerability in Organizr Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. | 7.5 |
2022-05-12 | CVE-2022-29298 | Contec | Path Traversal vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00 SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | 7.5 |
2022-05-12 | CVE-2022-30279 | Stormshield | NULL Pointer Dereference vulnerability in Stormshield Network Security An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. | 7.5 |
2022-05-12 | CVE-2022-29885 | Apache Debian Oracle | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. | 7.5 |
2022-05-11 | CVE-2022-30557 | Foxit | Type Confusion vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. | 7.5 |
2022-05-11 | CVE-2021-33317 | Trendnet | NULL Pointer Dereference vulnerability in Trendnet products The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. | 7.5 |
2022-05-11 | CVE-2022-29847 | Progress | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0 In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | 7.5 |
2022-05-11 | CVE-2022-30040 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.12890 Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. | 7.5 |
2022-05-11 | CVE-2022-29616 | SAP | Unspecified vulnerability in SAP products SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | 7.5 |
2022-05-11 | CVE-2021-44167 | Fortinet | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Forticlient An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. | 7.5 |
2022-05-11 | CVE-2022-1510 | Gitlab | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. | 7.5 |
2022-05-11 | CVE-2022-29932 | Primeur | Memory Leak vulnerability in Primeur Spazio 2.5.1.954 The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. | 7.5 |
2022-05-11 | CVE-2021-3254 | Asus | Unspecified vulnerability in Asus Dsl-N14U-B1 Firmware 1.1.2.3805 Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. | 7.5 |
2022-05-10 | CVE-2022-1442 | Wpmet | Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. | 7.5 |
2022-05-10 | CVE-2022-1453 | Carrcommunications | SQL Injection vulnerability in Carrcommunications Rsvpmaker The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. | 7.5 |
2022-05-10 | CVE-2022-1505 | Carrcommunications | SQL Injection vulnerability in Carrcommunications Rsvpmaker The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. | 7.5 |
2022-05-10 | CVE-2021-43010 | Safedog | SQL Injection vulnerability in Safedog Apache 4.0.30255 In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection. | 7.5 |
2022-05-10 | CVE-2022-28986 | Lmsdoctor | Authorization Bypass Through User-Controlled Key vulnerability in Lmsdoctor 2 Factor Authentication 2021072900 LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts. | 7.5 |
2022-05-10 | CVE-2021-41545 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). | 7.5 |
2022-05-09 | CVE-2022-23704 | HP | Unspecified vulnerability in HP Integrated Lights-Out 4 2.78 A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). | 7.5 |
2022-05-09 | CVE-2022-23705 | HPE | Unspecified vulnerability in HPE Nimbleos A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. | 7.5 |
2022-05-09 | CVE-2022-28739 | Ruby Lang Debian Apple | Out-of-bounds Read vulnerability in multiple products There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. | 7.5 |
2022-05-09 | CVE-2021-20479 | IBM | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK System IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2022-05-09 | CVE-2022-30286 | Pyscript | Unspecified vulnerability in Pyscript 20220504 pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. | 7.5 |
2022-05-09 | CVE-2022-30333 | Rarlab Debian | Path Traversal vulnerability in multiple products RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. | 7.5 |
2022-05-12 | CVE-2022-22139 | Intel | Uncontrolled Search Path Element vulnerability in Intel Extreme Tuning Utility 6.4.1.21/6.5.1.360/6.5.3.25 Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 |
2022-05-11 | CVE-2022-28247 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation. | 7.3 |
2022-05-11 | CVE-2021-34605 | Xinje | Unspecified vulnerability in Xinje Xd/E Series PLC Program Tool A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. | 7.3 |
2022-05-11 | CVE-2021-34606 | Xinje | Uncontrolled Search Path Element vulnerability in Xinje Xd/E Series PLC Program Tool A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. | 7.3 |
2022-05-13 | CVE-2022-30393 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. | 7.2 |
2022-05-13 | CVE-2022-30396 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. | 7.2 |
2022-05-13 | CVE-2022-30398 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. | 7.2 |
2022-05-13 | CVE-2022-30399 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. | 7.2 |
2022-05-13 | CVE-2022-30400 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. | 7.2 |
2022-05-13 | CVE-2022-30401 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. | 7.2 |
2022-05-13 | CVE-2022-30402 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. | 7.2 |
2022-05-13 | CVE-2022-30403 | Merchandise Online Store Product | SQL Injection vulnerability in Merchandise Online Store Product Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. | 7.2 |
2022-05-13 | CVE-2022-30404 | College Management System Project | SQL Injection vulnerability in College Management System Project College Management System 1.0 College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. | 7.2 |
2022-05-13 | CVE-2022-30411 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. | 7.2 |
2022-05-13 | CVE-2022-30412 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. | 7.2 |
2022-05-13 | CVE-2022-30414 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. | 7.2 |
2022-05-13 | CVE-2022-30415 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. | 7.2 |
2022-05-13 | CVE-2022-30417 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. | 7.2 |
2022-05-13 | CVE-2022-30376 | Simple Social Networking Site Project | SQL Injection vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0 Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. | 7.2 |
2022-05-13 | CVE-2022-30378 | Simple Social Networking Site Project | SQL Injection vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0 Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. | 7.2 |
2022-05-13 | CVE-2022-30379 | Simple Social Networking Site Project | SQL Injection vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0 Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. | 7.2 |
2022-05-13 | CVE-2022-30371 | AIR Cargo Management System Project | SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0 Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=. | 7.2 |
2022-05-13 | CVE-2022-30372 | AIR Cargo Management System Project | SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0 Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo. | 7.2 |
2022-05-13 | CVE-2022-30373 | AIR Cargo Management System Project | SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0 Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=. | 7.2 |
2022-05-13 | CVE-2022-30374 | AIR Cargo Management System Project | SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0 Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=. | 7.2 |
2022-05-12 | CVE-2021-0193 | IBM | Improper Authentication vulnerability in IBM In-Band Manageability Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | 7.2 |
2022-05-12 | CVE-2021-0194 | Intel | Unspecified vulnerability in Intel In-Band Manageability Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | 7.2 |
2022-05-12 | CVE-2022-26002 | Inhandnetworks | Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.4 A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. | 7.2 |
2022-05-12 | CVE-2022-26007 | Inhandnetworks | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.4 An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. | 7.2 |
2022-05-12 | CVE-2022-30002 | Insurance Management System Project | SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0 Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=. | 7.2 |
2022-05-12 | CVE-2022-1681 | Requarks | Improper Authentication vulnerability in Requarks Wiki.Js Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. | 7.2 |
2022-05-11 | CVE-2022-30452 | Shopwind | SQL Injection vulnerability in Shopwind ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php | 7.2 |
2022-05-11 | CVE-2022-0024 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Pan-Os A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. | 7.2 |
2022-05-11 | CVE-2022-29318 | CAR Rental Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
2022-05-11 | CVE-2022-29655 | Wedding Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0 An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
2022-05-11 | CVE-2020-19228 | Bludit | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.13.0 An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | 7.2 |
2022-05-09 | CVE-2022-27224 | Galsys | OS Command Injection vulnerability in Galsys Nts-6002-Gps Firmware 4.14.103Galleonnts6002.V124 An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. | 7.2 |
2022-05-13 | CVE-2022-1714 | Radare | Unspecified vulnerability in Radare Radare2 Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | 7.1 |
2022-05-12 | CVE-2022-29368 | Moddable | Out-of-bounds Read vulnerability in Moddable Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c. | 7.1 |
2022-05-12 | CVE-2021-26362 | AMD | Unspecified vulnerability in AMD products A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. | 7.1 |
2022-05-12 | CVE-2021-26366 | AMD | Unspecified vulnerability in AMD products An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | 7.1 |
2022-05-10 | CVE-2022-27167 | Eset | Improper Handling of Exceptional Conditions vulnerability in Eset products Privilege escalation vulnerability in Windows products of ESET, spol. | 7.1 |
2022-05-10 | CVE-2021-26332 | AMD | Unspecified vulnerability in AMD products Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability. | 7.1 |
2022-05-10 | CVE-2021-26370 | AMD | Improper Input Validation vulnerability in AMD products Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability. | 7.1 |
2022-05-10 | CVE-2021-26408 | AMD | Unspecified vulnerability in AMD products Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality. | 7.1 |
2022-05-10 | CVE-2022-20118 | Use After Free vulnerability in Google Android In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. | 7.0 | |
2022-05-10 | CVE-2022-20006 | Race Condition vulnerability in Google Android In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition. | 7.0 | |
2022-05-10 | CVE-2022-20007 | Race Condition vulnerability in Google Android In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. | 7.0 | |
2022-05-10 | CVE-2022-1537 | Gruntjs | Unspecified vulnerability in Gruntjs Grunt file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. | 7.0 |
181 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-13 | CVE-2022-29854 | Mitel | Incorrect Authorization vulnerability in Mitel Minet Firmware 1.8.0.12 A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. | 6.8 |
2022-05-12 | CVE-2021-33077 | Intel | Unspecified vulnerability in Intel products Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
2022-05-12 | CVE-2021-33080 | Intel | Improper Cross-boundary Removal of Sensitive Data vulnerability in Intel products Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. | 6.8 |
2022-05-12 | CVE-2022-0004 | Intel | Unspecified vulnerability in Intel products Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
2022-05-11 | CVE-2022-29855 | Mitel | Unspecified vulnerability in Mitel products Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. | 6.8 |
2022-05-10 | CVE-2022-20009 | Out-of-bounds Write vulnerability in Google Android In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. | 6.8 | |
2022-05-12 | CVE-2021-33103 | Intel | Unspecified vulnerability in Intel products Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 6.7 |
2022-05-12 | CVE-2021-33108 | Intel | Improper Input Validation vulnerability in Intel In-Band Manageability Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-05-12 | CVE-2021-33124 | Intel | Out-of-bounds Write vulnerability in Intel products Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | 6.7 |
2022-05-12 | CVE-2022-21237 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-05-12 | CVE-2022-24297 | Intel | Unspecified vulnerability in Intel products Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-05-12 | CVE-2022-24382 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-05-12 | CVE-2022-24910 | Inhandnetworks | Classic Buffer Overflow vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4 A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. | 6.7 |
2022-05-11 | CVE-2021-30361 | Checkpoint | OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | 6.7 |
2022-05-11 | CVE-2022-0025 | Paloaltonetworks | Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 7.7.1 A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. | 6.7 |
2022-05-11 | CVE-2022-0026 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. | 6.7 |
2022-05-11 | CVE-2022-22975 | Vmware | Injection vulnerability in VMWare Pinniped An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. | 6.6 |
2022-05-13 | CVE-2022-22393 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. | 6.5 |
2022-05-13 | CVE-2022-30381 | Merchandise Online Store Project | Unspecified vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | 6.5 |
2022-05-13 | CVE-2022-30408 | Covid 19 Travel Pass Management System Project | Unspecified vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | 6.5 |
2022-05-13 | CVE-2022-30367 | AIR Cargo Management System Project | Incorrect Default Permissions vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0 Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. | 6.5 |
2022-05-13 | CVE-2022-30375 | Simple Social Networking Site Project | Incorrect Default Permissions vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0 Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. | 6.5 |
2022-05-12 | CVE-2021-27772 | Hcltech | Unspecified vulnerability in Hcltech Sametime 11.6 Users are able to read group conversations without actively taking part in them. | 6.5 |
2022-05-12 | CVE-2022-22971 | Vmware Oracle Netapp | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. | 6.5 |
2022-05-12 | CVE-2022-26020 | Inhandnetworks | Use of Hard-coded Credentials vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. | 6.5 |
2022-05-12 | CVE-2022-26510 | Inhandnetworks | Improper Verification of Cryptographic Signature vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. | 6.5 |
2022-05-12 | CVE-2022-1044 | Trudesk Project | Insecure Storage of Sensitive Information vulnerability in Trudesk Project Trudesk Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. | 6.5 |
2022-05-11 | CVE-2021-36613 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. | 6.5 |
2022-05-11 | CVE-2021-36614 | Mikrotik | NULL Pointer Dereference vulnerability in Mikrotik Routeros Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. | 6.5 |
2022-05-11 | CVE-2022-24584 | Yubico | Incorrect Authorization vulnerability in Yubico OTP Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. | 6.5 |
2022-05-11 | CVE-2022-29845 | Progress | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0 In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | 6.5 |
2022-05-11 | CVE-2022-29848 | Progress | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. | 6.5 |
2022-05-11 | CVE-2022-30059 | Shopwind | Path Traversal vulnerability in Shopwind Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. | 6.5 |
2022-05-11 | CVE-2022-30061 | Ftcms | Path Traversal vulnerability in Ftcms 2.1 ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. | 6.5 |
2022-05-11 | CVE-2022-30062 | Ftcms | Path Traversal vulnerability in Ftcms 2.1 ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php | 6.5 |
2022-05-11 | CVE-2021-46744 | AMD | Information Exposure Through Discrepancy vulnerability in AMD products An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | 6.5 |
2022-05-11 | CVE-2021-3611 | Qemu Redhat | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. | 6.5 |
2022-05-11 | CVE-2022-1406 | Gitlab | Improper Input Validation vulnerability in Gitlab Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project | 6.5 |
2022-05-11 | CVE-2022-29008 | Phpgurukul | Authorization Bypass Through User-Controlled Key vulnerability in PHPgurukul BUS Pass Management System 1.0 An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | 6.5 |
2022-05-11 | CVE-2022-29977 | Libsixel Project | Reachable Assertion vulnerability in Libsixel Project Libsixel 1.8.6 There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. | 6.5 |
2022-05-11 | CVE-2022-29978 | Libsixel Project | Incorrect Calculation vulnerability in Libsixel Project Libsixel 1.8.6 There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. | 6.5 |
2022-05-10 | CVE-2022-26934 | Microsoft | Unspecified vulnerability in Microsoft products Windows Graphics Component Information Disclosure Vulnerability | 6.5 |
2022-05-10 | CVE-2022-26935 | Microsoft | Unspecified vulnerability in Microsoft products Windows WLAN AutoConfig Service Information Disclosure Vulnerability | 6.5 |
2022-05-10 | CVE-2022-28601 | Lmsdoctor | Incorrect Authorization vulnerability in Lmsdoctor 2 Factor Authentication A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. | 6.5 |
2022-05-10 | CVE-2022-1476 | Servmask | Unspecified vulnerability in Servmask All-In-One WP Migration The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. | 6.5 |
2022-05-10 | CVE-2022-20010 | Out-of-bounds Read vulnerability in Google Android 12.0/12.1 In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. | 6.5 | |
2022-05-10 | CVE-2022-24040 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). | 6.5 |
2022-05-10 | CVE-2022-24041 | Siemens | Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). | 6.5 |
2022-05-11 | CVE-2022-28244 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. | 6.3 |
2022-05-10 | CVE-2021-26390 | AMD | Unspecified vulnerability in AMD products A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | 6.2 |
2022-05-13 | CVE-2022-1702 | Sonicwall | Open Redirect vulnerability in Sonicwall products SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability. | 6.1 |
2022-05-13 | CVE-2022-30489 | Wavlink | Cross-site Scripting vulnerability in Wavlink Wn535G3 Firmware WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | 6.1 |
2022-05-12 | CVE-2020-22984 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy web SDK Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task. | 6.1 |
2022-05-12 | CVE-2020-22985 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy web SDK Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task. | 6.1 |
2022-05-12 | CVE-2020-22986 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy web SDK Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task. | 6.1 |
2022-05-12 | CVE-2020-22987 | Microstrategy | Cross-site Scripting vulnerability in Microstrategy web SDK Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task. | 6.1 |
2022-05-12 | CVE-2022-22797 | Sysaid | Open Redirect vulnerability in Sysaid 21.1.30/21.1.50/21.4.45 Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. | 6.1 |
2022-05-12 | CVE-2022-23165 | Sysaid | Cross-site Scripting vulnerability in Sysaid Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. | 6.1 |
2022-05-12 | CVE-2021-22531 | Microfocus | Cross-site Scripting vulnerability in Microfocus Access Manager 4.5/5.0 A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. | 6.1 |
2022-05-12 | CVE-2022-28818 | Adobe | Unspecified vulnerability in Adobe Coldfusion ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2022-05-12 | CVE-2022-21238 | Inhandnetworks | Cross-site Scripting vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.37/3.5.4 A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. | 6.1 |
2022-05-12 | CVE-2022-25172 | Inhandnetworks | Incorrect Permission Assignment for Critical Resource vulnerability in Inhandnetworks Ir302 Firmware 3.5.4 An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. | 6.1 |
2022-05-12 | CVE-2022-28919 | Dokuwiki Fedoraproject | Cross-site Scripting vulnerability in multiple products HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. | 6.1 |
2022-05-12 | CVE-2022-1682 | Facturascripts | Cross-site Scripting vulnerability in Facturascripts Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. | 6.1 |
2022-05-12 | CVE-2022-29927 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | 6.1 |
2022-05-12 | CVE-2022-29929 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | 6.1 |
2022-05-11 | CVE-2021-28290 | Identityserver4 Admin Project | Cross-site Scripting vulnerability in Identityserver4.Admin Project Identityserver4.Admin A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter. | 6.1 |
2022-05-11 | CVE-2021-42648 | Coder | Cross-site Scripting vulnerability in Coder Code-Server Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL. | 6.1 |
2022-05-11 | CVE-2022-23137 | ZTE | Cross-site Scripting vulnerability in ZTE Zxcdn Firmware ZTE's ZXCDN product has a reflective XSS vulnerability. | 6.1 |
2022-05-11 | CVE-2021-43081 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortios and Fortiproxy An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. | 6.1 |
2022-05-11 | CVE-2022-1433 | Gitlab | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. | 6.1 |
2022-05-11 | CVE-2022-27656 | SAP | Unspecified vulnerability in SAP products The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2022-05-11 | CVE-2022-28077 | Home Owners Collection Management System Project | Cross-site Scripting vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. | 6.1 |
2022-05-11 | CVE-2022-28078 | Home Owners Collection Management System Project | Cross-site Scripting vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. | 6.1 |
2022-05-11 | CVE-2022-29728 | Surveysparrow | Cross-site Scripting vulnerability in Surveysparrow Enterprise Survey Software 2022 Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. | 6.1 |
2022-05-10 | CVE-2022-1567 | WP JS Project | Cross-site Scripting vulnerability in Wp-Js Project Wp-Js 2.0.6 The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. | 6.1 |
2022-05-10 | CVE-2022-30278 | Synopsys | Cross-site Scripting vulnerability in Synopsys Black Duck HUB A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. | 6.1 |
2022-05-10 | CVE-2021-39024 | IBM | Cross-site Scripting vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0/5.0.0.3 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. | 6.1 |
2022-05-09 | CVE-2022-0625 | Admin Menu Editor Project | Unspecified vulnerability in Admin Menu Editor Project Admin Menu Editor The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-09 | CVE-2022-1047 | Themify | Unspecified vulnerability in Themify Post Type Builder Search Addon The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. | 6.1 |
2022-05-09 | CVE-2022-1171 | Vertical Scroll Recent Post Project | Unspecified vulnerability in Vertical Scroll Recent Post Project Vertical Scroll Recent Post 14.0 The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-05-12 | CVE-2021-27768 | Hcltech | Improper Certificate Validation vulnerability in Hcltech Verse Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. | 5.9 |
2022-05-10 | CVE-2022-26925 | Microsoft | Missing Authentication for Critical Function vulnerability in Microsoft products Windows LSA Spoofing Vulnerability | 5.9 |
2022-05-13 | CVE-2022-22325 | IBM | Unspecified vulnerability in IBM MQ for HPE Nonstop 8.1.0 IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. | 5.5 |
2022-05-12 | CVE-2021-26351 | AMD | Improper Input Validation vulnerability in AMD products Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | 5.5 |
2022-05-12 | CVE-2021-26361 | AMD | Unspecified vulnerability in AMD products A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | 5.5 |
2022-05-12 | CVE-2021-0155 | Intel | Unchecked Return Value vulnerability in Intel products Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2022-05-12 | CVE-2021-33069 | Intel | Improper Resource Shutdown or Release vulnerability in Intel products Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access. | 5.5 |
2022-05-12 | CVE-2021-33117 | Intel Netapp | Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. | 5.5 |
2022-05-12 | CVE-2021-33135 | Intel | Resource Exhaustion vulnerability in Intel Software Guard Extensions Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-05-12 | CVE-2021-33149 | Intel | Information Exposure Through Discrepancy vulnerability in Intel products Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 5.5 |
2022-05-12 | CVE-2022-21131 | Intel | Unspecified vulnerability in Intel products Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-05-12 | CVE-2022-21136 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access. | 5.5 |
2022-05-12 | CVE-2022-21147 | Estsoft | Out-of-bounds Read vulnerability in Estsoft Alyac 2.5.7.7 An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. | 5.5 |
2022-05-12 | CVE-2022-21151 | Intel Netapp Debian | Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-05-12 | CVE-2022-29302 | Contec | Files or Directories Accessible to External Parties vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00 SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. | 5.5 |
2022-05-12 | CVE-2022-1674 | VIM Fedoraproject Apple | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. | 5.5 |
2022-05-11 | CVE-2022-28263 | Adobe | Unspecified vulnerability in Adobe products Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 5.5 |
2022-05-11 | CVE-2021-26339 | AMD | Unspecified vulnerability in AMD products A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. | 5.5 |
2022-05-11 | CVE-2021-26348 | AMD | Unspecified vulnerability in AMD products Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | 5.5 |
2022-05-11 | CVE-2021-26349 | AMD | Unspecified vulnerability in AMD products Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA). | 5.5 |
2022-05-11 | CVE-2021-26364 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | 5.5 |
2022-05-11 | CVE-2021-26372 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | 5.5 |
2022-05-11 | CVE-2021-26373 | AMD | Improper Input Validation vulnerability in AMD products Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | 5.5 |
2022-05-11 | CVE-2021-26375 | AMD | Unspecified vulnerability in AMD products Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | 5.5 |
2022-05-11 | CVE-2021-26376 | AMD | Unspecified vulnerability in AMD products Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | 5.5 |
2022-05-11 | CVE-2021-26378 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | 5.5 |
2022-05-11 | CVE-2021-26388 | AMD | Out-of-bounds Read vulnerability in AMD products Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | 5.5 |
2022-05-11 | CVE-2022-1622 | Libtiff Fedoraproject Netapp Apple | Out-of-bounds Read vulnerability in multiple products LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2022-05-11 | CVE-2022-1623 | Libtiff Fedoraproject Netapp Debian | Out-of-bounds Read vulnerability in multiple products LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
2022-05-11 | CVE-2022-28774 | SAP | Unspecified vulnerability in SAP Host Agent 7.22 Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | 5.5 |
2022-05-10 | CVE-2022-20117 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. | 5.5 | |
2022-05-10 | CVE-2022-20119 | Use of Uninitialized Resource vulnerability in Google Android In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. | 5.5 | |
2022-05-10 | CVE-2022-20121 | Missing Authorization vulnerability in Google Android In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. | 5.5 | |
2022-05-10 | CVE-2022-29107 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Security Feature Bypass Vulnerability | 5.5 |
2022-05-10 | CVE-2021-39670 | Allocation of Resources Without Limits or Throttling vulnerability in Google Android 12.0/12.1 In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. | 5.5 | |
2022-05-10 | CVE-2021-39700 | Unspecified vulnerability in Google Android 10.0/11.0/12.0 In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. | 5.5 | |
2022-05-10 | CVE-2022-20011 | Missing Authorization vulnerability in Google Android In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. | 5.5 | |
2022-05-10 | CVE-2022-20112 | Improper Privilege Management vulnerability in Google Android In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. | 5.5 | |
2022-05-10 | CVE-2022-20115 | Missing Authorization vulnerability in Google Android 12.0/12.1 In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. | 5.5 | |
2022-05-10 | CVE-2021-26352 | AMD | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | 5.5 |
2022-05-10 | CVE-2022-1649 | Radare | NULL Pointer Dereference vulnerability in Radare Radare2 Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. | 5.5 |
2022-05-09 | CVE-2022-29868 | 1Password | Cleartext Storage of Sensitive Information vulnerability in 1Password 1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. | 5.5 |
2022-05-09 | CVE-2022-27114 | Htmldoc Project Debian | Integer Overflow or Wraparound vulnerability in multiple products There is a vulnerability in htmldoc 1.9.16. | 5.5 |
2022-05-09 | CVE-2022-28161 | Brocade | Information Exposure Through Log Files vulnerability in Brocade Sannav An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. | 5.5 |
2022-05-13 | CVE-2022-29433 | Donations Project | Unspecified vulnerability in Donations Project Donations Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. | 5.4 |
2022-05-11 | CVE-2021-31330 | Reviewboard | Cross-site Scripting vulnerability in Reviewboard Review Board 3.0.20/4.0 A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. | 5.4 |
2022-05-11 | CVE-2022-30057 | Shopwind | Cross-site Scripting vulnerability in Shopwind Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. | 5.4 |
2022-05-11 | CVE-2021-39059 | IBM | Cross-site Scripting vulnerability in IBM Jazz Foundation IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. | 5.4 |
2022-05-11 | CVE-2022-29610 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | 5.4 |
2022-05-11 | CVE-2022-29727 | Surveysparrow | Cross-site Scripting vulnerability in Surveysparrow Enterprise Survey Software 2022 Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. | 5.4 |
2022-05-11 | CVE-2022-29975 | Altn | Cross-site Scripting vulnerability in Altn Mdaemon An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 . | 5.4 |
2022-05-11 | CVE-2022-29976 | Altn | Cross-site Scripting vulnerability in Altn Mdaemon An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 . | 5.4 |
2022-05-10 | CVE-2022-1209 | Ultimatemember | Unspecified vulnerability in Ultimatemember Ultimate Member The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1. | 5.4 |
2022-05-09 | CVE-2021-43712 | Employee Daily Task Management System Project | Cross-site Scripting vulnerability in Employee Daily Task Management System Project Employee Daily Task Management System 1.0 Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. | 5.4 |
2022-05-09 | CVE-2022-27308 | Phprojekt Phpsimplygest Project | Cross-site Scripting vulnerability in PHProjekt PHPsimplygest Project PHProjekt PHPsimplygest 1.3.0 A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. | 5.4 |
2022-05-09 | CVE-2022-0898 | Getigniteup | Unspecified vulnerability in Getigniteup Igniteup The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues | 5.4 |
2022-05-09 | CVE-2022-22319 | IBM | Unspecified vulnerability in IBM products IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. | 5.4 |
2022-05-13 | CVE-2021-46785 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier. | 5.3 |
2022-05-13 | CVE-2022-27247 | Cdsoft | Authorization Bypass Through User-Controlled Key vulnerability in Cdsoft Winhotel.Mx 2021 onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference. | 5.3 |
2022-05-12 | CVE-2021-27769 | Hcltech | Unspecified vulnerability in Hcltech Sametime 11.6 Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. | 5.3 |
2022-05-12 | CVE-2022-22970 | Vmware Oracle Netapp | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. | 5.3 |
2022-05-12 | CVE-2022-29538 | Resi | Unspecified vulnerability in Resi Gemini-Net 4.2 RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. | 5.3 |
2022-05-11 | CVE-2022-29846 | Progress | Unspecified vulnerability in Progress Whatsup Gold In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. | 5.3 |
2022-05-11 | CVE-2022-30058 | Shopwind | Path Traversal vulnerability in Shopwind Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. | 5.3 |
2022-05-11 | CVE-2022-1352 | Gitlab | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members. | 5.3 |
2022-05-10 | CVE-2022-0866 | Redhat | Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 5.3 |
2022-05-10 | CVE-2022-1431 | Gitlab | Improper Input Validation vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. | 5.3 |
2022-05-09 | CVE-2019-25060 | Wpgraphql | Unspecified vulnerability in Wpgraphql 0.2.3 The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. | 5.3 |
2022-05-09 | CVE-2022-0424 | Supsystic | Unspecified vulnerability in Supsystic Popup The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users | 5.3 |
2022-05-09 | CVE-2022-22481 | IBM | Unspecified vulnerability in IBM I 7.2/7.3/7.4 IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. | 5.3 |
2022-05-12 | CVE-2022-29928 | Jetbrains | Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | 4.9 |
2022-05-12 | CVE-2022-29930 | Jetbrains | Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0 SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. | 4.9 |
2022-05-11 | CVE-2022-1460 | Gitlab | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. | 4.9 |
2022-05-12 | CVE-2022-28920 | Moecraft | Cross-site Scripting vulnerability in Moecraft Tieba-Cloud-Sign 4.9 Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags. | 4.8 |
2022-05-11 | CVE-2022-22320 | IBM | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.3.3/7.4.3 IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. | 4.8 |
2022-05-09 | CVE-2022-0874 | WP Experts | Unspecified vulnerability in Wp-Experts WP Social Buttons The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-05-09 | CVE-2022-1104 | Code Atlantic | Unspecified vulnerability in Code-Atlantic Popup Maker The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
2022-05-09 | CVE-2022-1303 | Slide Anything Project | Unspecified vulnerability in Slide Anything Project Slide Anything The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 4.8 |
2022-05-09 | CVE-2022-1338 | Commonninja | Cross-site Scripting vulnerability in Commonninja Easily Generate Rest API The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
2022-05-12 | CVE-2021-33075 | Intel | Race Condition vulnerability in Intel products Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | 4.7 |
2022-05-12 | CVE-2021-33078 | Intel | Race Condition vulnerability in Intel products Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | 4.7 |
2022-05-11 | CVE-2021-26347 | AMD | Improper Validation of Specified Quantity in Input vulnerability in AMD products Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | 4.7 |
2022-05-11 | CVE-2021-26350 | AMD | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service. | 4.7 |
2022-05-12 | CVE-2021-33074 | Intel | Unspecified vulnerability in Intel products Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |
2022-05-12 | CVE-2021-33082 | Intel | Improper Cross-boundary Removal of Sensitive Data vulnerability in Intel products Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |
2022-05-12 | CVE-2021-33130 | Intel | Insecure Default Initialization of Resource vulnerability in Intel Realsense ID F450 Firmware Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 4.6 |
2022-05-10 | CVE-2022-20008 | Use of Uninitialized Resource vulnerability in Google Android In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. | 4.6 | |
2022-05-12 | CVE-2021-26363 | AMD | Unspecified vulnerability in AMD products A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | 4.4 |
2022-05-12 | CVE-2021-26368 | AMD | Insufficient Verification of Data Authenticity vulnerability in AMD products Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service. | 4.4 |
2022-05-12 | CVE-2021-33083 | Intel | Improper Authentication vulnerability in Intel products Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access. | 4.4 |
2022-05-12 | CVE-2021-27773 | Hcltech | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime 11.6 This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | 4.3 |
2022-05-12 | CVE-2022-28873 | F Secure | Unspecified vulnerability in F-Secure Safe A vulnerability affecting F-Secure SAFE browser was discovered. | 4.3 |
2022-05-11 | CVE-2022-0027 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Cortex Xsoar An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. | 4.3 |
2022-05-11 | CVE-2022-1124 | Gitlab | Incorrect Authorization vulnerability in Gitlab An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled | 4.3 |
2022-05-11 | CVE-2022-1428 | Gitlab | Allocation of Resources Without Limits or Throttling vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. | 4.3 |
2022-05-11 | CVE-2022-1545 | Gitlab | Unspecified vulnerability in Gitlab It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note. | 4.3 |
2022-05-11 | CVE-2022-29613 | SAP | Unspecified vulnerability in SAP Employee Self Service 605 Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. | 4.3 |
2022-05-10 | CVE-2022-1417 | Gitlab | Incorrect Authorization vulnerability in Gitlab Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs | 4.3 |
2022-05-10 | CVE-2022-24466 | Microsoft | Unspecified vulnerability in Microsoft products Windows Hyper-V Security Feature Bypass Vulnerability | 4.1 |
2022-05-11 | CVE-2021-26400 | AMD | Unspecified vulnerability in AMD CPU AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-11 | CVE-2022-1426 | Gitlab | Improper Authentication vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. | 3.7 |
2022-05-11 | CVE-2022-28252 | Adobe | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 3.3 |
2022-05-11 | CVE-2021-26342 | AMD | Unspecified vulnerability in AMD products In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). | 3.3 |
2022-05-09 | CVE-2022-28162 | Broadcom | Cleartext Storage of Sensitive Information vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.1.1.8 Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. | 3.3 |
2022-05-12 | CVE-2022-0005 | Intel | Cleartext Transmission of Sensitive Information vulnerability in Intel products Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. | 2.4 |