Weekly Vulnerabilities Reports > May 23 to 29, 2022
Overview
361 new vulnerabilities reported during this period, including 56 critical vulnerabilities and 168 high severity vulnerabilities. This weekly summary reports vulnerabilities in 336 products from 159 vendors including Apple, Chshcms, Fedoraproject, Debian, and Cisco. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Classic Buffer Overflow", and "Out-of-bounds Read".
- 251 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 124 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 228 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 77 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
56 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-23 | CVE-2022-1467 | Aveva | Unspecified vulnerability in Aveva products Windows OS can be configured to overlay a “language bar” on top of any application. | 9.9 |
2022-05-26 | CVE-2022-26775 | Apple | Integer Overflow or Wraparound vulnerability in Apple mac OS X and Macos An integer overflow was addressed with improved input validation. | 9.8 |
2022-05-26 | CVE-2022-26776 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 9.8 |
2022-05-26 | CVE-2022-29632 | Roncoo | Unrestricted Upload of File with Dangerous Type vulnerability in Roncoo Roncoo-Education 9.0.0 An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. | 9.8 |
2022-05-26 | CVE-2022-29633 | Linglong Project | Unspecified vulnerability in Linglong Project Linglong 1.0 An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. | 9.8 |
2022-05-26 | CVE-2022-26708 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 9.8 |
2022-05-26 | CVE-2022-26711 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow issue was addressed with improved input validation. | 9.8 |
2022-05-26 | CVE-2022-26723 | Apple | Out-of-bounds Write vulnerability in Apple Macos A memory corruption issue was addressed with improved input validation. | 9.8 |
2022-05-26 | CVE-2021-33016 | Kuka | Unspecified vulnerability in Kuka KR C4 Firmware and KSS An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | 9.8 |
2022-05-26 | CVE-2022-21831 | Rubyonrails Debian | Code Injection vulnerability in multiple products A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | 9.8 |
2022-05-26 | CVE-2022-30493 | Automotive Shop Management System Project | SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation). | 9.8 |
2022-05-26 | CVE-2022-30495 | Automotive Shop Management System Project | Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation). | 9.8 |
2022-05-26 | CVE-2022-30516 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | 9.8 |
2022-05-26 | CVE-2022-24422 | Dell | Improper Authentication vulnerability in Dell Idrac9 Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. | 9.8 |
2022-05-26 | CVE-2022-30472 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat. | 9.8 |
2022-05-26 | CVE-2022-30474 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | 9.8 |
2022-05-26 | CVE-2022-30476 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | 9.8 |
2022-05-26 | CVE-2022-30477 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | 9.8 |
2022-05-26 | CVE-2022-30500 | Jflyfox | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal cms 5.1.0 is vulnerable to SQL Injection. | 9.8 |
2022-05-26 | CVE-2022-1664 | Debian Netapp | Path Traversal vulnerability in multiple products Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. | 9.8 |
2022-05-26 | CVE-2022-29660 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | 9.8 |
2022-05-25 | CVE-2022-26082 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. | 9.8 |
2022-05-25 | CVE-2022-23775 | Truestack | Unspecified vulnerability in Truestack Direct Connect 1.4.7 TrueStack Direct Connect 1.4.7 has Incorrect Access Control. | 9.8 |
2022-05-25 | CVE-2022-29379 | F5 | Out-of-bounds Write vulnerability in F5 NJS 0.7.3 Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. | 9.8 |
2022-05-25 | CVE-2022-29650 | Online Food Ordering System Project | SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0 Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | 9.8 |
2022-05-25 | CVE-2022-26945 | Hashicorp | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. | 9.8 |
2022-05-25 | CVE-2022-28862 | Archibus | SQL Injection vulnerability in Archibus web Central 21.3.3.815 In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. | 9.8 |
2022-05-25 | CVE-2022-30595 | Python | Out-of-bounds Write vulnerability in Python Pillow 9.1.0 libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | 9.8 |
2022-05-25 | CVE-2022-29361 | Palletsprojects | HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. | 9.8 |
2022-05-24 | CVE-2022-29334 | H Project | Authentication Bypass by Capture-replay vulnerability in H Project H 1.0 An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. | 9.8 |
2022-05-24 | CVE-2022-29337 | Cdatatec | OS Command Injection vulnerability in Cdatatec Fd702Xw-X-R430 Firmware 2.1.13X001 C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. | 9.8 |
2022-05-24 | CVE-2013-10003 | Telecomsoftware | SQL Injection vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. | 9.8 |
2022-05-24 | CVE-2013-10004 | Telecomsoftware | Improper Restriction of Excessive Authentication Attempts vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. | 9.8 |
2022-05-24 | CVE-2021-45914 | Luxsoft | Unspecified vulnerability in Luxsoft Luxcal In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. | 9.8 |
2022-05-24 | CVE-2021-45915 | Luxsoft | Unspecified vulnerability in Luxsoft Luxcal In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. | 9.8 |
2022-05-24 | CVE-2022-29223 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. | 9.8 |
2022-05-24 | CVE-2022-29246 | Microsoft | Unspecified vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. | 9.8 |
2022-05-24 | CVE-2022-30838 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status | 9.8 |
2022-05-24 | CVE-2022-30461 | Water Billing System Project | SQL Injection vulnerability in Water Billing System Project Water Billing System 1.0 Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id | 9.8 |
2022-05-24 | CVE-2021-42654 | Sscms | Unrestricted Upload of File with Dangerous Type vulnerability in Sscms Siteserver CMS SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | 9.8 |
2022-05-24 | CVE-2022-30454 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | 9.8 |
2022-05-24 | CVE-2022-30455 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | 9.8 |
2022-05-23 | CVE-2021-32935 | Cognex | Unspecified vulnerability in Cognex In-Sight OPC Server The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | 9.8 |
2022-05-23 | CVE-2021-32941 | Annke | Out-of-bounds Write vulnerability in Annke N48Pbb Firmware 3.4.106 Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root). | 9.8 |
2022-05-23 | CVE-2022-28932 | Dlink | Incorrect Default Permissions vulnerability in Dlink Dsl-G2452Dg Firmware D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions. | 9.8 |
2022-05-23 | CVE-2022-29599 | Apache Debian | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |
2022-05-23 | CVE-2022-0781 | Nirweb | Unspecified vulnerability in Nirweb Support The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection | 9.8 |
2022-05-23 | CVE-2022-1014 | Labarta | Unspecified vulnerability in Labarta WP Contacts Manager The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | 9.8 |
2022-05-25 | CVE-2022-26833 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. | 9.4 |
2022-05-27 | CVE-2022-20797 | Cisco | OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1 A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. | 9.1 |
2022-05-26 | CVE-2022-26693 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 9.1 |
2022-05-26 | CVE-2022-26694 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 9.1 |
2022-05-26 | CVE-2022-1899 | Radare | Out-of-bounds Read vulnerability in Radare Radare2 Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | 9.1 |
2022-05-25 | CVE-2021-27779 | Hcltech | Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1 VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. | 9.1 |
2022-05-24 | CVE-2020-4926 | IBM | Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. | 9.1 |
2022-05-24 | CVE-2013-10002 | Telecomsoftware | Use of Hard-coded Credentials vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. | 9.1 |
168 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-26 | CVE-2022-26748 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved input validation. | 8.8 |
2022-05-26 | CVE-2022-30584 | RSA | Unspecified vulnerability in RSA Archer Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. | 8.8 |
2022-05-26 | CVE-2022-31265 | Wargaming | Authentication Bypass by Capture-replay vulnerability in Wargaming World of Warships 0.11.4 The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. | 8.8 |
2022-05-26 | CVE-2021-33014 | Kuka | Unspecified vulnerability in Kuka KR C4 Firmware and KSS An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | 8.8 |
2022-05-26 | CVE-2022-1261 | Honeywell | Unspecified vulnerability in Honeywell Matrikon OPC Server Matrikon, a subsidiary of Honeywell, Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server can use the functions of IPersisFile to execute operating system processes with system-level privileges. | 8.8 |
2022-05-26 | CVE-2022-26857 | Dell | Unspecified vulnerability in Dell Openmanage Enterprise 3.5/3.6.1 Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. | 8.8 |
2022-05-26 | CVE-2021-34360 | Qnap | Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. | 8.8 |
2022-05-26 | CVE-2022-29664 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | 8.8 |
2022-05-26 | CVE-2022-29667 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. | 8.8 |
2022-05-26 | CVE-2022-29669 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | 8.8 |
2022-05-26 | CVE-2022-29685 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | 8.8 |
2022-05-26 | CVE-2021-40317 | Piwigo | SQL Injection vulnerability in Piwigo 11.5.0 Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | 8.8 |
2022-05-25 | CVE-2022-27305 | Gibbonedu | Session Fixation vulnerability in Gibbonedu Gibbon Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. | 8.8 |
2022-05-25 | CVE-2022-1883 | Camptocamp | SQL Injection vulnerability in Camptocamp Terraboard SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | 8.8 |
2022-05-24 | CVE-2022-22495 | IBM | SQL Injection vulnerability in IBM I 7.3/7.4/7.5 IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. | 8.8 |
2022-05-24 | CVE-2014-125001 | Cardosystems | Improper Privilege Management vulnerability in Cardosystems Scala Rider Q3 Firmware A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. | 8.8 |
2022-05-24 | CVE-2021-4229 | UA Parser JS Project | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ua-Parser-Js Project Ua-Parser-Js 0.7.29/0.8.0/1.0.0 A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. | 8.8 |
2022-05-24 | CVE-2022-29221 | Smarty Debian Fedoraproject | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2022-05-24 | CVE-2022-30843 | Room Rent Portal Site Project | SQL Injection vulnerability in Room Rent Portal Site Project Room Rent Portal Site 1.0 Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. | 8.8 |
2022-05-24 | CVE-2022-30459 | Chatbot APP With Suggestion Project | SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | 8.8 |
2022-05-24 | CVE-2022-30463 | Automotive Shop Management System Project | SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | 8.8 |
2022-05-24 | CVE-2021-42655 | Sscms | SQL Injection vulnerability in Sscms Siteserver CMS 6.15.51 SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | 8.8 |
2022-05-24 | CVE-2022-1839 | Home Clean Services Management System Project | SQL Injection vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability classified as critical was found in Home Clean Services Management System 1.0. | 8.8 |
2022-05-23 | CVE-2022-28999 | Bloodshed | Incorrect Default Permissions vulnerability in Bloodshed Dev-C++ 4.9.9.2 Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. | 8.8 |
2022-05-23 | CVE-2022-29002 | Xuxueli | Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0 A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | 8.8 |
2022-05-23 | CVE-2022-29376 | Apachefriends | Incorrect Default Permissions vulnerability in Apachefriends Xampp Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | 8.8 |
2022-05-23 | CVE-2022-28944 | Emcosoftware | Download of Code Without Integrity Check vulnerability in Emcosoftware products Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. | 8.8 |
2022-05-23 | CVE-2022-30016 | Rescue Dispatch Management System Project | Incorrect Authorization vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. | 8.8 |
2022-05-23 | CVE-2022-30014 | Simple Food Website Project | Cross-Site Request Forgery (CSRF) vulnerability in Simple Food Website Project Simple Food Website 1.0 Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to take over an admin/moderator account. | 8.8 |
2022-05-23 | CVE-2021-42585 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | 8.8 |
2022-05-23 | CVE-2021-42586 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | 8.8 |
2022-05-25 | CVE-2022-30321 | Hashicorp | Command Injection vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. | 8.6 |
2022-05-25 | CVE-2022-30322 | Hashicorp | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. | 8.6 |
2022-05-25 | CVE-2022-30323 | Hashicorp | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. | 8.6 |
2022-05-25 | CVE-2021-44719 | Docker | Unspecified vulnerability in Docker Desktop Docker Desktop 4.3.0 has Incorrect Access Control. | 8.4 |
2022-05-27 | CVE-2022-1907 | Libmobi Project | Out-of-bounds Read vulnerability in Libmobi Project Libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 8.1 |
2022-05-27 | CVE-2022-1908 | Libmobi Project | Out-of-bounds Read vulnerability in Libmobi Project Libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 8.1 |
2022-05-26 | CVE-2022-22576 | Haxx Debian Netapp Brocade Splunk | Missing Authentication for Critical Function vulnerability in multiple products An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. | 8.1 |
2022-05-25 | CVE-2022-29248 | Guzzlephp Drupal Debian | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Guzzle is a PHP HTTP client. | 8.1 |
2022-05-24 | CVE-2022-1669 | Circutor | Unspecified vulnerability in Circutor Compact Dc-S Basic Firmware 1.2.17 A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. | 8.1 |
2022-05-24 | CVE-2022-1850 | Filegator | Path Traversal vulnerability in Filegator Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. | 8.1 |
2022-05-24 | CVE-2022-29305 | Imgurl Project | SQL Injection vulnerability in Imgurl Project Imgurl 2.31 imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | 8.1 |
2022-05-23 | CVE-2022-28998 | Xlightftpd | Out-of-bounds Write vulnerability in Xlightftpd Xlight FTP 3.9.3.2 Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. | 8.1 |
2022-05-29 | CVE-2022-1927 | VIM Fedoraproject Apple | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-27 | CVE-2022-1897 | VIM Fedoraproject Apple Debian | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-27 | CVE-2022-1898 | VIM Fedoraproject Debian Apple | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-27 | CVE-2022-28394 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). | 7.8 |
2022-05-27 | CVE-2022-30700 | Trendmicro | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE 2019 An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. | 7.8 |
2022-05-27 | CVE-2022-30701 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 2019 An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. | 7.8 |
2022-05-26 | CVE-2022-26739 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26740 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26741 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26742 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26744 | Apple | Out-of-bounds Write vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-26747 | Apple | Unspecified vulnerability in Apple Xcode This issue was addressed with improved checks. | 7.8 |
2022-05-26 | CVE-2022-26749 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26750 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26751 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 7.8 |
2022-05-26 | CVE-2022-26752 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26753 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26754 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26756 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved input validation. | 7.8 |
2022-05-26 | CVE-2022-26757 | Apple | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 7.8 |
2022-05-26 | CVE-2022-26761 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-26763 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An out-of-bounds access issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26768 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-26769 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X and Macos A memory corruption issue was addressed with improved input validation. | 7.8 |
2022-05-26 | CVE-2022-26770 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue was addressed with improved input validation. | 7.8 |
2022-05-26 | CVE-2022-26771 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-26772 | Apple | Out-of-bounds Write vulnerability in Apple Macos A memory corruption issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-26774 | Apple | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-29637 | Iminho | Unrestricted Upload of File with Dangerous Type vulnerability in Iminho Mindoc 2.1 An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. | 7.8 |
2022-05-26 | CVE-2022-26702 | Apple | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 7.8 |
2022-05-26 | CVE-2022-26704 | Apple | Link Following vulnerability in Apple mac OS X and Macos A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. | 7.8 |
2022-05-26 | CVE-2022-26714 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 7.8 |
2022-05-26 | CVE-2022-26715 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26718 | Apple | Out-of-bounds Read vulnerability in Apple Macos An out-of-bounds read issue was addressed with improved input validation. | 7.8 |
2022-05-26 | CVE-2022-26720 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26721 | Apple | Improper Initialization vulnerability in Apple mac OS X A memory initialization issue was addressed. | 7.8 |
2022-05-26 | CVE-2022-26722 | Apple | Improper Initialization vulnerability in Apple mac OS X A memory initialization issue was addressed. | 7.8 |
2022-05-26 | CVE-2022-26736 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26737 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26738 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-22672 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 7.8 |
2022-05-26 | CVE-2022-22675 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-1882 | Linux Netapp | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe in post_one_notification() after free_pipe_info() has already been called. | 7.8 |
2022-05-26 | CVE-2022-30784 | Tuxera Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-30786 | Tuxera Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-30788 | Tuxera Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-30789 | Tuxera Debian Fedoraproject | Out-of-bounds Write vulnerability in multiple products A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-1886 | VIM Fedoraproject | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-25 | CVE-2022-1851 | VIM Fedoraproject Debian Apple | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-24 | CVE-2022-29333 | Cyberlink | Improper Privilege Management vulnerability in Cyberlink Powerdirector 14.0 A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | 7.8 |
2022-05-24 | CVE-2021-3717 | Redhat | Files or Directories Accessible to External Parties vulnerability in Redhat products A flaw was found in Wildfly. | 7.8 |
2022-05-24 | CVE-2021-42612 | Halibut Project Fedoraproject | Use After Free vulnerability in multiple products A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. | 7.8 |
2022-05-24 | CVE-2021-42613 | Halibut Project Fedoraproject | Double Free vulnerability in multiple products A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | 7.8 |
2022-05-24 | CVE-2021-42614 | Halibut Project Fedoraproject | Use After Free vulnerability in multiple products A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. | 7.8 |
2022-05-24 | CVE-2021-32965 | Deltaww | Unspecified vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | 7.8 |
2022-05-24 | CVE-2021-32969 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | 7.8 |
2022-05-24 | CVE-2022-26531 | Zyxel | Improper Input Validation vulnerability in Zyxel products Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | 7.8 |
2022-05-24 | CVE-2022-26532 | Zyxel | OS Command Injection vulnerability in Zyxel products An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | 7.8 |
2022-05-27 | CVE-2022-25878 | Protobufjs Project | Unspecified vulnerability in Protobufjs Project Protobufjs The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. | 7.5 |
2022-05-26 | CVE-2022-26701 | Apple | Race Condition vulnerability in Apple products A race condition was addressed with improved locking. | 7.5 |
2022-05-26 | CVE-2022-22673 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved checks. | 7.5 |
2022-05-26 | CVE-2022-30473 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in the function form_fast_setting_wifi_set. | 7.5 |
2022-05-26 | CVE-2022-30475 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | 7.5 |
2022-05-26 | CVE-2022-29720 | 74Cms | Files or Directories Accessible to External Parties vulnerability in 74Cms 74Cmsse 3.5.1 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | 7.5 |
2022-05-26 | CVE-2022-29721 | 74Cms | SQL Injection vulnerability in 74Cms 74Cmsse 3.5.1 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | 7.5 |
2022-05-26 | CVE-2021-42859 | Mini XML Project | Missing Release of Resource after Effective Lifetime vulnerability in Mini-Xml Project Mini-Xml 3.2 A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. | 7.5 |
2022-05-26 | CVE-2021-42860 | Mini XML Project | Missing Release of Resource after Effective Lifetime vulnerability in Mini-Xml Project Mini-Xml 3.2 A stack buffer overflow exists in Mini-XML v3.2. | 7.5 |
2022-05-25 | CVE-2022-26026 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26043 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26067 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26077 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26303 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-27169 | Openautomationsoftware | Unspecified vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-30427 | Ginadmin Project | Path Traversal vulnerability in Ginadmin Project Ginadmin 1.0.1/20220510 In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in directory traversal. | 7.5 |
2022-05-25 | CVE-2022-30428 | Ginadmin Project | Files or Directories Accessible to External Parties vulnerability in Ginadmin Project Ginadmin 1.0.1/20220510 In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | 7.5 |
2022-05-25 | CVE-2022-1678 | Linux Netapp | An issue was discovered in the Linux Kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be triggered by remote clients. | 7.5 |
2022-05-25 | CVE-2021-32966 | Philips | Unspecified vulnerability in Philips Interoperability Solution XDS Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. | 7.5 |
2022-05-25 | CVE-2021-32997 | Bakerhughes | Unspecified vulnerability in Bakerhughes products The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. | 7.5 |
2022-05-25 | CVE-2022-1815 | Diagrams | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | 7.5 |
2022-05-24 | CVE-2022-22497 | IBM | Unspecified vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. | 7.5 |
2022-05-24 | CVE-2021-4230 | Airfield Online Project | Improper Authentication vulnerability in Airfield Online Project Airfield Online A vulnerability has been found in Airfield Online and classified as problematic. | 7.5 |
2022-05-24 | CVE-2022-29249 | Javaez Project | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Javaez Project Javaez 1.6 JavaEZ is a library that adds new functions to make Java easier. | 7.5 |
2022-05-24 | CVE-2022-29217 | Pyjwt Project Fedoraproject | PyJWT is a Python implementation of RFC 7519. | 7.5 |
2022-05-24 | CVE-2022-29219 | Chainsafe | Unspecified vulnerability in Chainsafe Lodestar Lodestar is a TypeScript implementation of the Ethereum Consensus specification. | 7.5 |
2022-05-24 | CVE-2022-29242 | Gost Engine Project | Unspecified vulnerability in Gost Engine Project Gost Engine GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. | 7.5 |
2022-05-24 | CVE-2022-29567 | Vaadin | Information Exposure vulnerability in Vaadin The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side. | 7.5 |
2022-05-24 | CVE-2022-31261 | Morpheusdata | XXE vulnerability in Morpheusdata Morpheus 5.2.16/5.4.0/5.4.4 An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. | 7.5 |
2022-05-24 | CVE-2022-29309 | Mysiteforme Project | Server-Side Request Forgery (SSRF) vulnerability in Mysiteforme Project Mysiteforme 2.2.1 mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | 7.5 |
2022-05-24 | CVE-2022-29377 | Totolink | Out-of-bounds Write vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102 Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. | 7.5 |
2022-05-23 | CVE-2022-31487 | Inoutscripts | SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger and Blockchain Fiatexchanger Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. | 7.5 |
2022-05-23 | CVE-2022-31488 | Inoutscripts | SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger 1.2.1 Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | 7.5 |
2022-05-23 | CVE-2022-31489 | Inoutscripts | SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger 1.2.1 Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | 7.5 |
2022-05-23 | CVE-2022-28997 | Cszcms | Server-Side Request Forgery (SSRF) vulnerability in Cszcms 1.3.0 CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | 7.5 |
2022-05-23 | CVE-2022-28874 | F Secure Withsecure | Out-of-bounds Write vulnerability in multiple products Multiple Denial-of-Service vulnerabilities were discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files causes memory corruption and a heap buffer overflow, which can eventually crash the scanning engine. | 7.5 |
2022-05-23 | CVE-2022-31467 | Quickheal | Uncontrolled Search Path Element vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00 A DLL hijacking vulnerability in the installer for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | 7.3 |
2022-05-26 | CVE-2022-29661 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | 7.2 |
2022-05-26 | CVE-2022-29662 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | 7.2 |
2022-05-26 | CVE-2022-29663 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | 7.2 |
2022-05-26 | CVE-2022-29665 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | 7.2 |
2022-05-26 | CVE-2022-29666 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | 7.2 |
2022-05-26 | CVE-2022-29670 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | 7.2 |
2022-05-26 | CVE-2022-29676 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | 7.2 |
2022-05-26 | CVE-2022-29680 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | 7.2 |
2022-05-26 | CVE-2022-29681 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | 7.2 |
2022-05-26 | CVE-2022-29682 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | 7.2 |
2022-05-26 | CVE-2022-29683 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | 7.2 |
2022-05-26 | CVE-2022-29684 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | 7.2 |
2022-05-26 | CVE-2022-29686 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | 7.2 |
2022-05-26 | CVE-2022-29687 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | 7.2 |
2022-05-26 | CVE-2022-29688 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | 7.2 |
2022-05-26 | CVE-2022-29689 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | 7.2 |
2022-05-25 | CVE-2022-22127 | Tableau | Unspecified vulnerability in Tableau Server Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. | 7.2 |
2022-05-25 | CVE-2022-29651 | Online Food Ordering System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0 An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
2022-05-24 | CVE-2022-23050 | Zohocorp | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 |
2022-05-24 | CVE-2022-1837 | Home Clean Services Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability was found in Home Clean Services Management System 1.0. | 7.2 |
2022-05-24 | CVE-2022-1838 | Home Clean Services Management System Project | SQL Injection vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. | 7.2 |
2022-05-27 | CVE-2022-20806 | Cisco | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 7.1 |
2022-05-27 | CVE-2022-30687 | Trendmicro | Link Following vulnerability in Trendmicro Maximum Security 2022 17.7 Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. | 7.1 |
2022-05-26 | CVE-2022-26773 | Apple | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved state management. | 7.1 |
2022-05-26 | CVE-2022-26697 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue was addressed with improved input validation. | 7.1 |
2022-05-26 | CVE-2022-26698 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue was addressed with improved bounds checking. | 7.1 |
2022-05-26 | CVE-2022-21827 | Citrix | Improper Privilege Management vulnerability in Citrix Gateway Plug-In 12.158/12.158.15/13.061.48 An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 which could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM. | 7.1 |
2022-05-24 | CVE-2022-22977 | Vmware | XXE vulnerability in VMWare Tools VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. | 7.1 |
2022-05-26 | CVE-2022-26743 | Apple | Out-of-bounds Write vulnerability in Apple Macos An out-of-bounds write issue was addressed with improved bounds checking. | 7.0 |
2022-05-23 | CVE-2022-31466 | Quickheal | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00 Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. | 7.0 |
135 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-26 | CVE-2022-26865 | Dell | Improper Authentication vulnerability in Dell Supportassist OS Recovery 5.5.1 Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. | 6.8 |
2022-05-25 | CVE-2022-29402 | TP Link | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wr840N Firmware TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. | 6.8 |
2022-05-25 | CVE-2022-21951 | Suse | Unspecified vulnerability in Suse Rancher A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher allows attackers on the network to read and change network data, due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. | 6.8 |
2022-05-24 | CVE-2022-22309 | IBM | Missing Authentication for Critical Function vulnerability in IBM Power System S922 Firmware The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. | 6.8 |
2022-05-26 | CVE-2022-26691 | Apple Debian Fedoraproject Openprinting | Incorrect Comparison vulnerability in multiple products A logic issue was addressed with improved state management. | 6.7 |
2022-05-26 | CVE-2022-24417 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2022-05-26 | CVE-2022-24418 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 6.7 |
2022-05-26 | CVE-2022-30783 | Tuxera Fedoraproject Debian | Unchecked Return Value vulnerability in multiple products An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
2022-05-26 | CVE-2022-30785 | Tuxera Fedoraproject Debian | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
2022-05-26 | CVE-2022-30787 | Tuxera Fedoraproject Debian | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
2022-05-25 | CVE-2022-29256 | Sharp Project | OS Command Injection vulnerability in Sharp Project Sharp sharp is an application for Node.js image processing. | 6.7 |
2022-05-27 | CVE-2022-20807 | Cisco | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 6.5 |
2022-05-26 | CVE-2022-30585 | RSA | Unspecified vulnerability in RSA Archer The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. | 6.5 |
2022-05-26 | CVE-2022-26726 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed with improved checks. | 6.5 |
2022-05-26 | CVE-2022-22662 | Apple Fedoraproject | A cookie management issue was addressed with improved state management. | 6.5 |
2022-05-26 | CVE-2022-30508 | Dedecms | Path Traversal vulnerability in Dedecms 5.7.93 DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | 6.5 |
2022-05-26 | CVE-2022-24414 | Dell | Information Exposure vulnerability in Dell Cloudlink In Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. | 6.5 |
2022-05-26 | CVE-2022-20809 | Cisco | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 6.5 |
2022-05-26 | CVE-2022-20821 | Cisco | Unspecified vulnerability in Cisco IOS XR A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. | 6.5 |
2022-05-26 | CVE-2021-42692 | Tinytoml Project | Out-of-bounds Write vulnerability in Tinytoml Project Tinytoml 0.4 There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. | 6.5 |
2022-05-25 | CVE-2022-31620 | Libjpeg Project | Reachable Assertion vulnerability in Libjpeg Project Libjpeg 1.63 In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. | 6.5 |
2022-05-25 | CVE-2021-27783 | Hcltech | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 6.5 |
2022-05-25 | CVE-2022-1348 | Logrotate Project Fedoraproject | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability was found in logrotate in how the state file is created. | 6.5 |
2022-05-25 | CVE-2022-28875 | F Secure | Improper Resource Shutdown or Release vulnerability in F-Secure products A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aemobile component can crash the scanning engine. | 6.5 |
2022-05-25 | CVE-2021-35487 | Nokia | SQL Injection vulnerability in Nokia Broadcast Message Center Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. | 6.5 |
2022-05-25 | CVE-2022-29405 | Apache | Unspecified vulnerability in Apache Archiva In Apache Archiva, any registered user can reset password for any users. | 6.5 |
2022-05-24 | CVE-2021-42659 | Tenda | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda AC9 Firmware 15.03.05.19(6318)/15.03.06.42Multi There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. | 6.5 |
2022-05-24 | CVE-2022-0910 | Zyxel | Improper Authentication vulnerability in Zyxel products A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. | 6.5 |
2022-05-23 | CVE-2021-41714 | Tipask | Download of Code Without Integrity Check vulnerability in Tipask In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage. | 6.5 |
2022-05-23 | CVE-2021-41834 | Jfrog | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | 6.5 |
2022-05-26 | CVE-2022-26755 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed with improved environment sanitization. | 6.3 |
2022-05-27 | CVE-2022-20666 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20667 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20668 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20669 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20670 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20671 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20672 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20673 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20674 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-26 | CVE-2021-28508 | Arista | Cleartext Transmission of Sensitive Information vulnerability in Arista EOS and Terminattr This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. | 6.1 |
2022-05-26 | CVE-2021-28509 | Arista | Cleartext Transmission of Sensitive Information vulnerability in Arista EOS and Terminattr This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. | 6.1 |
2022-05-26 | CVE-2022-31648 | Talend | Cross-site Scripting vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. | 6.1 |
2022-05-26 | CVE-2021-4232 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul ZOO Management System 1.0 A vulnerability classified as problematic has been found in Zoo Management System 1.0. | 6.1 |
2022-05-26 | CVE-2022-22577 | Rubyonrails Debian | Cross-site Scripting vulnerability in multiple products An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | 6.1 |
2022-05-26 | CVE-2022-27777 | Rubyonrails Debian | Cross-site Scripting vulnerability in multiple products A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | 6.1 |
2022-05-26 | CVE-2022-29091 | Dell | Cross-site Scripting vulnerability in Dell products Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. | 6.1 |
2022-05-25 | CVE-2022-29251 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. | 6.1 |
2022-05-25 | CVE-2022-29252 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. | 6.1 |
2022-05-25 | CVE-2022-29408 | Vsourz | Unspecified vulnerability in Vsourz Advanced CF7 DB Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 6.1 |
2022-05-25 | CVE-2021-32989 | Lcds | Unspecified vulnerability in Lcds Laquis Scada When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. | 6.1 |
2022-05-25 | CVE-2022-29349 | Keking | Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0 kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | 6.1 |
2022-05-25 | CVE-2022-29359 | School Club Application System Project | Cross-site Scripting vulnerability in School Club Application System Project School Club Application System 1.0 A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | 6.1 |
2022-05-25 | CVE-2022-29710 | Limesurvey | Cross-site Scripting vulnerability in Limesurvey A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | 6.1 |
2022-05-24 | CVE-2021-32962 | Aggsoft | Unspecified vulnerability in Aggsoft Webserver The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code. | 6.1 |
2022-05-24 | CVE-2022-30839 | Room Rent Portal Site Project | Cross-site Scripting vulnerability in Room Rent Portal Site Project Room Rent Portal Site 1.0 Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | 6.1 |
2022-05-24 | CVE-2022-0734 | Zyxel | Cross-site Scripting vulnerability in Zyxel products A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | 6.1 |
2022-05-23 | CVE-2022-29004 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul E-Diary Management System 1.0 Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | 6.1 |
2022-05-23 | CVE-2022-29005 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Birth Certificate System 1.2 Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. | 6.1 |
2022-05-23 | CVE-2022-0346 | Xmlsitemapgenerator | Unspecified vulnerability in Xmlsitemapgenerator XML Sitemap Generator The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | 6.1 |
2022-05-23 | CVE-2022-1192 | Turn OFF ALL Comments Project | Unspecified vulnerability in Turn OFF ALL Comments Project Turn OFF ALL Comments 1.0 The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-23 | CVE-2022-1218 | Duogeek | Cross-site Scripting vulnerability in Duogeek Domain Replace 1.3.8 The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-23 | CVE-2022-1221 | Gwyn's Imagemap Selector Project | Unspecified vulnerability in Gwyn's Imagemap Selector Project Gwyn's Imagemap Selector 0.3.2/0.3.3 The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-23 | CVE-2022-1268 | Donate Extra Project | Unspecified vulnerability in Donate Extra Project Donate Extra 2.02 The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-23 | CVE-2022-1547 | Wpchill | Unspecified vulnerability in Wpchill Check & LOG Email The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-24 | CVE-2021-3597 | Redhat Netapp | Race Condition vulnerability in multiple products A flaw was found in undertow. | 5.9 |
2022-05-24 | CVE-2021-3629 | Redhat Netapp | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 5.9 |
2022-05-26 | CVE-2022-26745 | Apple | Out-of-bounds Write vulnerability in Apple Macos A memory corruption issue was addressed with improved validation. | 5.5 |
2022-05-26 | CVE-2022-26746 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed by removing the vulnerable code. | 5.5 |
2022-05-26 | CVE-2022-26766 | Apple | Improper Certificate Validation vulnerability in Apple products A certificate parsing issue was addressed with improved checks. | 5.5 |
2022-05-26 | CVE-2022-26767 | Apple | Incorrect Authorization vulnerability in Apple Macos The issue was addressed with additional permissions checks. | 5.5 |
2022-05-26 | CVE-2022-26706 | Apple | Unspecified vulnerability in Apple products An access issue was addressed with additional sandbox restrictions on third-party applications. | 5.5 |
2022-05-26 | CVE-2022-26712 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed by removing the vulnerable code. | 5.5 |
2022-05-26 | CVE-2022-26724 | Apple | Improper Authentication vulnerability in Apple Tvos An authentication issue was addressed with improved state management. | 5.5 |
2022-05-26 | CVE-2022-26727 | Apple | Unspecified vulnerability in Apple mac OS X and Macos This issue was addressed with improved entitlements. | 5.5 |
2022-05-26 | CVE-2022-26728 | Apple | Unspecified vulnerability in Apple mac OS X and Macos This issue was addressed with improved entitlements. | 5.5 |
2022-05-26 | CVE-2022-22616 | Apple | Unspecified vulnerability in Apple mac OS X and Macos This issue was addressed with improved checks. | 5.5 |
2022-05-26 | CVE-2022-22663 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved checks to prevent unauthorized actions. | 5.5 |
2022-05-26 | CVE-2022-22674 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue existed that led to the disclosure of kernel memory. | 5.5 |
2022-05-26 | CVE-2022-22676 | Apple | Unspecified vulnerability in Apple Macos 12.0.0/12.0.1/12.1 An event handler validation issue in the XPC Services API was addressed by removing the service. | 5.5 |
2022-05-25 | CVE-2022-31650 | SOX Project | Incorrect Comparison vulnerability in SOX Project SOX 14.4.2 In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | 5.5 |
2022-05-25 | CVE-2022-31651 | SOX Project | Reachable Assertion vulnerability in SOX Project SOX 14.4.2 In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | 5.5 |
2022-05-25 | CVE-2022-31621 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-25 | CVE-2022-31622 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-25 | CVE-2022-31623 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-25 | CVE-2022-31624 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-25 | CVE-2021-44974 | Radare | NULL Pointer Dereference vulnerability in Radare Radare2 radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. | 5.5 |
2022-05-25 | CVE-2022-29358 | Epub2Txt2 Project | Integer Overflow or Wraparound vulnerability in Epub2Txt2 Project Epub2Txt2 2.04 epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. | 5.5 |
2022-05-24 | CVE-2021-44975 | Radare | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 5.5.2 radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. | 5.5 |
2022-05-23 | CVE-2021-32958 | Claroty | Unspecified vulnerability in Claroty Secure Remote Access 3.0/3.2 Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). | 5.5 |
2022-05-29 | CVE-2022-1928 | Gitea | Cross-site Scripting vulnerability in Gitea Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | 5.4 |
2022-05-27 | CVE-2022-20802 | Cisco | Cross-site Scripting vulnerability in Cisco Enterprise Chat and Email A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 5.4 |
2022-05-27 | CVE-2022-1909 | Organizr | Cross-site Scripting vulnerability in Organizr Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | 5.4 |
2022-05-26 | CVE-2022-30494 | Automotive Shop Management System Project | Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | 5.4 |
2022-05-26 | CVE-2021-4231 | Angular | Cross-site Scripting vulnerability in Angular A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. | 5.4 |
2022-05-25 | CVE-2022-29362 | Zkeacms | Cross-site Scripting vulnerability in Zkeacms 3.5.2 A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. | 5.4 |
2022-05-24 | CVE-2022-1849 | Filegator | Session Fixation vulnerability in Filegator Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. | 5.4 |
2022-05-24 | CVE-2022-29237 | Apereo | Unspecified vulnerability in Apereo Opencast Opencast is a free and open source solution for automated video capture and distribution at scale. | 5.4 |
2022-05-24 | CVE-2022-30842 | Covid 19 Travel Pass Management System Project | Cross-site Scripting vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | 5.4 |
2022-05-24 | CVE-2022-30458 | Automotive Shop Management System Project | Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | 5.4 |
2022-05-24 | CVE-2022-30460 | Simple Social Networking Site Project | Cross-site Scripting vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0 Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | 5.4 |
2022-05-24 | CVE-2022-30462 | Water Billing System Project | Cross-site Scripting vulnerability in Water Billing System Project Water Billing System 1.0 Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | 5.4 |
2022-05-24 | CVE-2022-30464 | Chatbot APP With Suggestion Project | Cross-site Scripting vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | 5.4 |
2022-05-24 | CVE-2022-30837 | Toll TAX Management System Project | Cross-site Scripting vulnerability in Toll TAX Management System Project Toll TAX Management System 1.0 Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. | 5.4 |
2022-05-24 | CVE-2021-42656 | Sscms | Cross-site Scripting vulnerability in Sscms Siteserver CMS 6.15.51 SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | 5.4 |
2022-05-24 | CVE-2022-30456 | Badminton Center Management System Project | Cross-site Scripting vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | 5.4 |
2022-05-23 | CVE-2022-30015 | Simple Food Website Project | Cross-site Scripting vulnerability in Simple Food Website Project Simple Food Website 1.0 In Simple Food Website 1.0, a moderator can put a Cross Site Scripting payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php, such as Full Username. This causes stored XSS. | 5.4 |
2022-05-23 | CVE-2021-42233 | Simple Blog Project | Cross-site Scripting vulnerability in Simple Blog Project Simple Blog The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. | 5.4 |
2022-05-23 | CVE-2022-30017 | Rescue Dispatch Management System Project | Cross-site Scripting vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. | 5.4 |
2022-05-23 | CVE-2022-1811 | Publify Project | Unrestricted Upload of File with Dangerous Type vulnerability in Publify Project Publify Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | 5.4 |
2022-05-23 | CVE-2022-1816 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul ZOO Management System 1.0 A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. | 5.4 |
2022-05-23 | CVE-2022-1817 | Badminton Center Management System Project | Cross-site Scripting vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 A vulnerability, which was classified as problematic, was found in Badminton Center Management System. | 5.4 |
2022-05-23 | CVE-2022-1825 | Collectiveaccess | Cross-site Scripting vulnerability in Collectiveaccess Providence Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | 5.4 |
2022-05-27 | CVE-2021-27780 | Hcltech | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.3 |
2022-05-26 | CVE-2022-26725 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.3 |
2022-05-24 | CVE-2021-32964 | Aggsoft | Path Traversal vulnerability in Aggsoft Webserver The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. | 5.3 |
2022-05-24 | CVE-2022-22306 | Fortinet | Improper Certificate Validation vulnerability in Fortinet Fortios An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. | 5.3 |
2022-05-24 | CVE-2022-1848 | Erudika | Unspecified vulnerability in Erudika Para Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. | 5.3 |
2022-05-24 | CVE-2022-31263 | Joinmastodon | Unspecified vulnerability in Joinmastodon Mastodon app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. | 5.3 |
2022-05-27 | CVE-2021-27781 | Hcltech | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed a script tag in HTML, producing an alert pop-up that displays the cookie. | 4.8 |
2022-05-27 | CVE-2022-20765 | Cisco | Cross-site Scripting vulnerability in Cisco UCS Director A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. | 4.8 |
2022-05-25 | CVE-2022-29380 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Academy LMS 4.3 Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | 4.8 |
2022-05-24 | CVE-2022-1819 | Student Information System Project | Cross-site Scripting vulnerability in Student Information System Project Student Information System 1.0 A vulnerability, which was classified as problematic, was found in Student Information System 1.0. | 4.8 |
2022-05-24 | CVE-2022-1840 | Home Clean Services Management System Project | Cross-site Scripting vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. | 4.8 |
2022-05-23 | CVE-2022-1093 | Joomunited | Unspecified vulnerability in Joomunited WP Meta SEO The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. | 4.8 |
2022-05-23 | CVE-2022-1298 | Wpshopmart | Unspecified vulnerability in Wpshopmart Tabs Responsive The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-05-23 | CVE-2022-1320 | 10Web | Unspecified vulnerability in 10Web Sliderby10Web The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-05-23 | CVE-2022-1558 | Curtain Project | Unspecified vulnerability in Curtain Project Curtain 1.0.2 The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. | 4.8 |
2022-05-26 | CVE-2022-26764 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 4.7 |
2022-05-26 | CVE-2022-26765 | Apple | Race Condition vulnerability in Apple products A race condition was addressed with improved state handling. | 4.7 |
2022-05-26 | CVE-2022-26690 | Apple | Race Condition vulnerability in Apple Macos A race condition was addressed with additional validation. | 4.7 |
2022-05-26 | CVE-2022-29082 | Dell | Improper Certificate Validation vulnerability in Dell EMC Networker Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6, 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in RabbitMQ port 5671 which could allow remote attackers to spoof certificates. | 4.6 |
2022-05-26 | CVE-2022-26688 | Apple | Link Following vulnerability in Apple mac OS X and Macos An issue in the handling of symlinks was addressed with improved validation. | 4.4 |
2022-05-26 | CVE-2022-26731 | Apple | Unspecified vulnerability in Apple Iphone OS and Macos A logic issue was addressed with improved state management. | 4.3 |
2022-05-23 | CVE-2022-1810 | Publify Project | Unspecified vulnerability in Publify Project Publify Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-25 | CVE-2022-29253 | Xwiki | Path Traversal vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 2.7 |
2022-05-26 | CVE-2022-26703 | Apple | Unspecified vulnerability in Apple Iphone OS An authorization issue was addressed with improved state management. | 2.4 |