Weekly Vulnerabilities Reports > May 23 to 29, 2022
Overview
362 new vulnerabilities were reported during this period, including 48 critical vulnerabilities and 85 high severity vulnerabilities. This weekly summary reports vulnerabilities in 337 products from 160 vendors including Apple, Chshcms, Fedoraproject, Debian, and Cisco. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Classic Buffer Overflow", and "Missing Authentication for Critical Function".
- 300 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 146 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 245 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 77 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 25 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
48 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-26 | CVE-2022-30493 | Automotive Shop Management System Project | SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation). | 10.0 |
2022-05-26 | CVE-2022-24422 | Dell | Improper Authentication vulnerability in Dell Idrac9 Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. | 10.0 |
2022-05-23 | CVE-2021-32935 | Cognex | Deserialization of Untrusted Data vulnerability in Cognex In-Sight OPC Server The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | 10.0 |
2022-05-23 | CVE-2021-32941 | Annke | Out-of-bounds Write vulnerability in Annke N48Pbb Firmware 3.4.106 Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root). | 10.0 |
2022-05-26 | CVE-2022-29633 | Linglong Project | Unspecified vulnerability in Linglong Project Linglong 1.0 An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. | 9.8 |
2022-05-26 | CVE-2022-26723 | Apple | Out-of-bounds Write vulnerability in Apple Macos A memory corruption issue was addressed with improved input validation. | 9.8 |
2022-05-26 | CVE-2022-21831 | Rubyonrails Debian | Code Injection vulnerability in multiple products A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | 9.8 |
2022-05-26 | CVE-2022-1664 | Debian Netapp | Path Traversal vulnerability in multiple products Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. | 9.8 |
2022-05-25 | CVE-2022-26082 | Openautomationsoftware | Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112 A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. | 9.8 |
2022-05-25 | CVE-2022-23775 | Truestack | Unspecified vulnerability in Truestack Direct Connect 1.4.7 TrueStack Direct Connect 1.4.7 has Incorrect Access Control. | 9.8 |
2022-05-25 | CVE-2022-29379 | F5 | Out-of-bounds Write vulnerability in F5 NJS 0.7.3 Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. | 9.8 |
2022-05-25 | CVE-2022-29650 | Online Food Ordering System Project | SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0 Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | 9.8 |
2022-05-25 | CVE-2022-26945 | Hashicorp | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. | 9.8 |
2022-05-25 | CVE-2022-29361 | Palletsprojects | HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. | 9.8 |
2022-05-24 | CVE-2022-29334 | H Project | Authentication Bypass by Capture-replay vulnerability in H Project H 1.0 An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. | 9.8 |
2022-05-24 | CVE-2022-29337 | Cdatatec | OS Command Injection vulnerability in Cdatatec Fd702Xw-X-R430 Firmware 2.1.13X001 C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. | 9.8 |
2022-05-24 | CVE-2021-45914 | Luxsoft | Unspecified vulnerability in Luxsoft Luxcal In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. | 9.8 |
2022-05-24 | CVE-2021-45915 | Luxsoft | Unspecified vulnerability in Luxsoft Luxcal In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. | 9.8 |
2022-05-23 | CVE-2022-28932 | Dlink | Incorrect Default Permissions vulnerability in Dlink Dsl-G2452Dg Firmware D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions. | 9.8 |
2022-05-23 | CVE-2022-29599 | Apache Debian | Improper Encoding or Escaping of Output vulnerability in multiple products In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |
2022-05-23 | CVE-2022-1014 | Labarta | SQL Injection vulnerability in Labarta WP Contacts Manager The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | 9.8 |
2022-05-25 | CVE-2022-26833 | Openautomationsoftware | Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. | 9.4 |
2022-05-26 | CVE-2022-26739 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 9.3 |
2022-05-26 | CVE-2022-26740 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 9.3 |
2022-05-26 | CVE-2022-26741 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26742 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26749 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26750 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26752 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26753 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26754 | Apple | Classic Buffer Overflow vulnerability in Apple Macos A buffer overflow issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26756 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved input validation. | 9.3 |
2022-05-26 | CVE-2022-26761 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X A memory corruption issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-26763 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products An out-of-bounds access issue was addressed with improved bounds checking. | 9.3 |
2022-05-26 | CVE-2022-26769 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X and Macos A memory corruption issue was addressed with improved input validation. | 9.3 |
2022-05-26 | CVE-2022-26770 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue was addressed with improved input validation. | 9.3 |
2022-05-26 | CVE-2022-26771 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 9.3 |
2022-05-26 | CVE-2022-26772 | Apple | Out-of-bounds Write vulnerability in Apple Macos A memory corruption issue was addressed with improved state management. | 9.3 |
2022-05-26 | CVE-2022-26702 | Apple | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 9.3 |
2022-05-26 | CVE-2022-26714 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 9.3 |
2022-05-26 | CVE-2022-26715 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved bounds checking. | 9.3 |
2022-05-26 | CVE-2022-26720 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved bounds checking. | 9.3 |
2022-05-26 | CVE-2022-26721 | Apple | Improper Initialization vulnerability in Apple mac OS X A memory initialization issue was addressed. | 9.3 |
2022-05-26 | CVE-2022-26722 | Apple | Improper Initialization vulnerability in Apple mac OS X A memory initialization issue was addressed. | 9.3 |
2022-05-26 | CVE-2022-22672 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved memory handling. | 9.3 |
2022-05-26 | CVE-2022-22675 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 9.3 |
2022-05-27 | CVE-2022-20797 | Cisco | OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1/7.4.1 A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. | 9.1 |
2022-05-26 | CVE-2022-1261 | Honeywell | Unspecified vulnerability in Honeywell Matrikon OPC Server Matrikon, a subsidiary of Honeywell, Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges. | 9.0 |
85 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-26 | CVE-2022-30584 | RSA | Unspecified vulnerability in RSA Archer Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. | 8.8 |
2022-05-26 | CVE-2022-26857 | Dell | Unspecified vulnerability in Dell Openmanage Enterprise 3.5/3.6.1 Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. | 8.8 |
2022-05-24 | CVE-2022-29221 | Smarty Debian Fedoraproject | Code Injection vulnerability in multiple products Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. | 8.8 |
2022-05-24 | CVE-2022-30459 | Chatbot APP With Suggestion Project | SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | 8.8 |
2022-05-25 | CVE-2022-30321 | Hashicorp | Command Injection vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. | 8.6 |
2022-05-25 | CVE-2022-30322 | Hashicorp | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. | 8.6 |
2022-05-25 | CVE-2022-30323 | Hashicorp | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. | 8.6 |
2022-05-23 | CVE-2022-1467 | Aveva | Exposure of Resource to Wrong Sphere vulnerability in Aveva products Windows OS can be configured to overlay a “language bar” on top of any application. | 8.5 |
2022-05-25 | CVE-2021-44719 | Docker | Unspecified vulnerability in Docker Desktop Docker Desktop 4.3.0 has Incorrect Access Control. | 8.4 |
2022-05-24 | CVE-2014-125001 | Cardosystems | Improper Privilege Management vulnerability in Cardosystems Scala Rider Q3 Firmware A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. | 8.3 |
2022-05-26 | CVE-2022-22576 | Haxx Debian Netapp Brocade Splunk | Missing Authentication for Critical Function vulnerability in multiple products An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. | 8.1 |
2022-05-25 | CVE-2022-29248 | Guzzlephp Drupal Debian | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Guzzle is a PHP HTTP client. | 8.1 |
2022-05-29 | CVE-2022-1927 | VIM Fedoraproject Apple | Buffer Over-read vulnerability in multiple products Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-27 | CVE-2022-1897 | VIM Fedoraproject Apple Debian | Out-of-bounds Write vulnerability in multiple products Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-27 | CVE-2022-1898 | VIM Fedoraproject Debian Apple | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-26 | CVE-2022-26744 | Apple | Out-of-bounds Write vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-26757 | Apple | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 7.8 |
2022-05-26 | CVE-2022-26768 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-26774 | Apple | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved state management. | 7.8 |
2022-05-26 | CVE-2022-26704 | Apple | Link Following vulnerability in Apple mac OS X and Macos A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. | 7.8 |
2022-05-26 | CVE-2022-26736 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26737 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-26738 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-05-26 | CVE-2022-1882 | Linux Netapp | Use After Free vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. | 7.8 |
2022-05-26 | CVE-2022-30784 | Tuxera Debian Fedoraproject | Classic Buffer Overflow vulnerability in multiple products A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-30786 | Tuxera Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-30788 | Tuxera Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-30789 | Tuxera Debian Fedoraproject | Out-of-bounds Write vulnerability in multiple products A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | 7.8 |
2022-05-26 | CVE-2022-1886 | VIM Fedoraproject | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-25 | CVE-2022-1851 | VIM Fedoraproject Debian Apple | Out-of-bounds Read vulnerability in multiple products Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-24 | CVE-2021-3717 | Redhat | Files or Directories Accessible to External Parties vulnerability in Redhat products A flaw was found in Wildfly. | 7.8 |
2022-05-24 | CVE-2021-42612 | Halibut Project Fedoraproject | Use After Free vulnerability in multiple products A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. | 7.8 |
2022-05-24 | CVE-2021-42613 | Halibut Project Fedoraproject | Double Free vulnerability in multiple products A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | 7.8 |
2022-05-24 | CVE-2021-42614 | Halibut Project Fedoraproject | Use After Free vulnerability in multiple products A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. | 7.8 |
2022-05-24 | CVE-2022-26531 | Zyxel | Improper Input Validation vulnerability in Zyxel products Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | 7.8 |
2022-05-26 | CVE-2022-26701 | Apple | Race Condition vulnerability in Apple products A race condition was addressed with improved locking. | 7.6 |
2022-05-24 | CVE-2021-4229 | UA Parser JS Project | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ua-Parser-Js Project Ua-Parser-Js 0.7.29/0.8.0/1.0.0 A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. | 7.6 |
2022-05-26 | CVE-2022-26775 | Apple | Integer Overflow or Wraparound vulnerability in Apple mac OS X and Macos An integer overflow was addressed with improved input validation. | 7.5 |
2022-05-26 | CVE-2022-26776 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 7.5 |
2022-05-26 | CVE-2022-29632 | Roncoo | Unrestricted Upload of File with Dangerous Type vulnerability in Roncoo Roncoo-Education 9.0.0 An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. | 7.5 |
2022-05-26 | CVE-2022-26708 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 7.5 |
2022-05-26 | CVE-2022-26711 | Apple | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow issue was addressed with improved input validation. | 7.5 |
2022-05-26 | CVE-2022-30495 | Automotive Shop Management System Project | Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation). | 7.5 |
2022-05-26 | CVE-2022-30516 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | 7.5 |
2022-05-26 | CVE-2022-30472 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat. | 7.5 |
2022-05-26 | CVE-2022-30474 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | 7.5 |
2022-05-26 | CVE-2022-30476 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | 7.5 |
2022-05-26 | CVE-2022-30477 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | 7.5 |
2022-05-26 | CVE-2022-30500 | Jflyfox | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal cms 5.1.0 is vulnerable to SQL Injection. | 7.5 |
2022-05-26 | CVE-2022-29660 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | 7.5 |
2022-05-26 | CVE-2021-42859 | Mini XML Project | Missing Release of Resource after Effective Lifetime vulnerability in Mini-Xml Project Mini-Xml 3.2 A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. | 7.5 |
2022-05-26 | CVE-2021-42860 | Mini XML Project | Missing Release of Resource after Effective Lifetime vulnerability in Mini-Xml Project Mini-Xml 3.2 A stack buffer overflow exists in Mini-XML v3.2. | 7.5 |
2022-05-25 | CVE-2022-26026 | Openautomationsoftware | Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112 A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26043 | Openautomationsoftware | Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26067 | Openautomationsoftware | Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26077 | Openautomationsoftware | Cleartext Transmission of Sensitive Information vulnerability in Openautomationsoftware OAS Platform 16.00.0112 A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-26303 | Openautomationsoftware | Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-27169 | Openautomationsoftware | Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112 An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. | 7.5 |
2022-05-25 | CVE-2022-1678 | Linux Netapp | An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | 7.5 |
2022-05-25 | CVE-2022-28862 | Archibus | SQL Injection vulnerability in Archibus web Central 21.3.3.815 In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. | 7.5 |
2022-05-25 | CVE-2022-30595 | Python | Out-of-bounds Write vulnerability in Python Pillow 9.1.0 libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. | 7.5 |
2022-05-24 | CVE-2022-22497 | IBM | Unspecified vulnerability in IBM Aspera Faspex 4.4.1/5.0.0 IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. | 7.5 |
2022-05-24 | CVE-2013-10003 | Telecomsoftware | SQL Injection vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. | 7.5 |
2022-05-24 | CVE-2022-29249 | Javaez Project | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Javaez Project Javaez 1.6 JavaEZ is a library that adds new functions to make Java easier. | 7.5 |
2022-05-24 | CVE-2022-29217 | Pyjwt Project Fedoraproject | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products PyJWT is a Python implementation of RFC 7519. | 7.5 |
2022-05-24 | CVE-2022-29223 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. | 7.5 |
2022-05-24 | CVE-2022-29246 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Azure Rtos Usbx Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. | 7.5 |
2022-05-24 | CVE-2022-30838 | Covid 19 Travel Pass Management System Project | SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status. | 7.5 |
2022-05-24 | CVE-2022-30461 | Water Billing System Project | SQL Injection vulnerability in Water Billing System Project Water Billing System 1.0 Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id. | 7.5 |
2022-05-24 | CVE-2021-42654 | Sscms | Unrestricted Upload of File with Dangerous Type vulnerability in Sscms Siteserver CMS SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. | 7.5 |
2022-05-24 | CVE-2022-30454 | Merchandise Online Store Project | SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | 7.5 |
2022-05-24 | CVE-2022-30455 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | 7.5 |
2022-05-23 | CVE-2022-0781 | Nirweb | SQL Injection vulnerability in Nirweb Support The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection. | 7.5 |
2022-05-27 | CVE-2022-30700 | Trendmicro | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE 2019 An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. | 7.2 |
2022-05-27 | CVE-2022-30701 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 2019 An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. | 7.2 |
2022-05-26 | CVE-2022-24417 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.2 |
2022-05-26 | CVE-2022-24418 | Dell | Improper Input Validation vulnerability in Dell products Dell BIOS contains an improper input validation vulnerability. | 7.2 |
2022-05-26 | CVE-2022-26865 | Dell | Improper Authentication vulnerability in Dell Supportassist OS Recovery 5.5.1 Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. | 7.2 |
2022-05-25 | CVE-2022-29402 | TP Link | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wr840N Firmware TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. | 7.2 |
2022-05-25 | CVE-2022-22127 | Tableau | Unspecified vulnerability in Tableau Server Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. | 7.2 |
2022-05-25 | CVE-2022-29651 | Online Food Ordering System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0 An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
2022-05-24 | CVE-2022-23050 | Zohocorp | Uncontrolled Search Path Element vulnerability in Zohocorp Manageengine Applications Manager ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. | 7.2 |
2022-05-24 | CVE-2022-26532 | Zyxel | OS Command Injection vulnerability in Zyxel products An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | 7.2 |
2022-05-27 | CVE-2022-20806 | Cisco | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 7.1 |
2022-05-23 | CVE-2022-31466 | Quickheal | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00 Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. | 7.0 |
198 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-27 | CVE-2022-28394 | Trendmicro | Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). | 6.9 |
2022-05-26 | CVE-2022-26743 | Apple | Out-of-bounds Write vulnerability in Apple Macos An out-of-bounds write issue was addressed with improved bounds checking. | 6.9 |
2022-05-26 | CVE-2022-26747 | Apple | Unspecified vulnerability in Apple Xcode This issue was addressed with improved checks. | 6.8 |
2022-05-26 | CVE-2022-26748 | Apple | Out-of-bounds Write vulnerability in Apple mac OS X An out-of-bounds write issue was addressed with improved input validation. | 6.8 |
2022-05-26 | CVE-2022-26751 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved input validation. | 6.8 |
2022-05-26 | CVE-2022-29637 | Iminho | Unrestricted Upload of File with Dangerous Type vulnerability in Iminho Mindoc 2.1 An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. | 6.8 |
2022-05-26 | CVE-2022-26718 | Apple | Out-of-bounds Read vulnerability in Apple Macos An out-of-bounds read issue was addressed with improved input validation. | 6.8 |
2022-05-26 | CVE-2022-31265 | Wargaming | Authentication Bypass by Capture-replay vulnerability in Wargaming World of Warships 0.11.4 The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. | 6.8 |
2022-05-26 | CVE-2021-34360 | Qnap | Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. | 6.8 |
2022-05-25 | CVE-2022-27305 | Gibbonedu | Session Fixation vulnerability in Gibbonedu Gibbon Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. | 6.8 |
2022-05-25 | CVE-2022-21951 | Suse | Cleartext Transmission of Sensitive Information vulnerability in Suse Rancher A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. | 6.8 |
2022-05-24 | CVE-2022-29333 | Cyberlink | Improper Privilege Management vulnerability in Cyberlink Powerdirector 14.0 A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | 6.8 |
2022-05-24 | CVE-2021-32965 | Deltaww | Type Confusion vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | 6.8 |
2022-05-24 | CVE-2021-32969 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Diascreen Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | 6.8 |
2022-05-24 | CVE-2022-29305 | Imgurl Project | SQL Injection vulnerability in Imgurl Project Imgurl 2.31 imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | 6.8 |
2022-05-23 | CVE-2022-29002 | Xuxueli | Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0 A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | 6.8 |
2022-05-23 | CVE-2022-28944 | Emcosoftware | Download of Code Without Integrity Check vulnerability in Emcosoftware products Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. | 6.8 |
2022-05-23 | CVE-2022-30014 | Simple Food Website Project | Cross-Site Request Forgery (CSRF) vulnerability in Simple Food Website Project Simple Food Website 1.0 Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF), which allows anyone to take over the admin/moderator account. | 6.8 |
2022-05-23 | CVE-2021-42585 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | 6.8 |
2022-05-23 | CVE-2021-42586 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | 6.8 |
2022-05-26 | CVE-2022-26691 | Apple Debian Fedoraproject Openprinting | Incorrect Comparison vulnerability in multiple products A logic issue was addressed with improved state management. | 6.7 |
2022-05-26 | CVE-2022-30783 | Tuxera Fedoraproject Debian | Unchecked Return Value vulnerability in multiple products An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
2022-05-26 | CVE-2022-30785 | Tuxera Fedoraproject Debian | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
2022-05-26 | CVE-2022-30787 | Tuxera Fedoraproject Debian | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 |
2022-05-25 | CVE-2022-29256 | Sharp Project | OS Command Injection vulnerability in Sharp Project Sharp sharp is an application for Node.js image processing. | 6.7 |
2022-05-27 | CVE-2022-30687 | Trendmicro | Link Following vulnerability in Trendmicro Maximum Security 2022 17.7 Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. | 6.6 |
2022-05-26 | CVE-2022-21827 | Citrix | Improper Privilege Management vulnerability in Citrix Gateway Plug-In 12.158/12.158.15/13.061.48 An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2, which could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM. | 6.6 |
2022-05-27 | CVE-2022-20807 | Cisco | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 6.5 |
2022-05-26 | CVE-2022-30585 | RSA | Unspecified vulnerability in RSA Archer The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. | 6.5 |
2022-05-26 | CVE-2022-22662 | Apple Fedoraproject | A cookie management issue was addressed with improved state management. | 6.5 |
2022-05-26 | CVE-2022-30508 | Dedecms | Path Traversal vulnerability in Dedecms 5.7.93 DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | 6.5 |
2022-05-26 | CVE-2022-20809 | Cisco | Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. | 6.5 |
2022-05-26 | CVE-2022-20821 | Cisco | Unspecified vulnerability in Cisco IOS XR A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. | 6.5 |
2022-05-26 | CVE-2022-29661 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | 6.5 |
2022-05-26 | CVE-2022-29662 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | 6.5 |
2022-05-26 | CVE-2022-29663 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | 6.5 |
2022-05-26 | CVE-2022-29664 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | 6.5 |
2022-05-26 | CVE-2022-29665 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | 6.5 |
2022-05-26 | CVE-2022-29666 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | 6.5 |
2022-05-26 | CVE-2022-29667 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. | 6.5 |
2022-05-26 | CVE-2022-29669 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | 6.5 |
2022-05-26 | CVE-2022-29670 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | 6.5 |
2022-05-26 | CVE-2022-29676 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | 6.5 |
2022-05-26 | CVE-2022-29680 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | 6.5 |
2022-05-26 | CVE-2022-29681 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | 6.5 |
2022-05-26 | CVE-2022-29682 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | 6.5 |
2022-05-26 | CVE-2022-29683 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | 6.5 |
2022-05-26 | CVE-2022-29684 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | 6.5 |
2022-05-26 | CVE-2022-29685 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | 6.5 |
2022-05-26 | CVE-2022-29686 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | 6.5 |
2022-05-26 | CVE-2022-29687 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | 6.5 |
2022-05-26 | CVE-2022-29688 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | 6.5 |
2022-05-26 | CVE-2022-29689 | Chshcms | SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2 CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | 6.5 |
2022-05-26 | CVE-2021-40317 | Piwigo | SQL Injection vulnerability in Piwigo 11.5.0 Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | 6.5 |
2022-05-25 | CVE-2022-31620 | Libjpeg Project | Reachable Assertion vulnerability in Libjpeg Project Libjpeg 1.63 In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. | 6.5 |
2022-05-25 | CVE-2022-1348 | Logrotate Project Fedoraproject | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A vulnerability was found in logrotate in how the state file is created. | 6.5 |
2022-05-25 | CVE-2022-1883 | Camptocamp | SQL Injection vulnerability in Camptocamp Terraboard SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | 6.5 |
2022-05-25 | CVE-2022-29405 | Apache | Unspecified vulnerability in Apache Archiva In Apache Archiva, any registered user can reset password for any users. | 6.5 |
2022-05-24 | CVE-2022-22495 | IBM | SQL Injection vulnerability in IBM I 7.3/7.4/7.5 IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. | 6.5 |
2022-05-24 | CVE-2022-30843 | Room Rent Portal Site Project | SQL Injection vulnerability in Room Rent Portal Site Project Room Rent Portal Site 1.0 Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. | 6.5 |
2022-05-24 | CVE-2022-30463 | Automotive Shop Management System Project | SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | 6.5 |
2022-05-24 | CVE-2021-42655 | Sscms | SQL Injection vulnerability in Sscms Siteserver CMS 6.15.51 SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | 6.5 |
2022-05-24 | CVE-2022-1837 | Home Clean Services Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability was found in Home Clean Services Management System 1.0. | 6.5 |
2022-05-24 | CVE-2022-1838 | Home Clean Services Management System Project | SQL Injection vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. | 6.5 |
2022-05-24 | CVE-2022-1839 | Home Clean Services Management System Project | SQL Injection vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability classified as critical was found in Home Clean Services Management System 1.0. | 6.5 |
2022-05-23 | CVE-2022-28999 | Bloodshed | Incorrect Default Permissions vulnerability in Bloodshed Dev-C++ 4.9.9.2 Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. | 6.5 |
2022-05-23 | CVE-2022-29376 | Apachefriends | Incorrect Default Permissions vulnerability in Apachefriends Xampp Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | 6.5 |
2022-05-23 | CVE-2022-30016 | Rescue Dispatch Management System Project | Incorrect Authorization vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. | 6.5 |
2022-05-26 | CVE-2022-26693 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 6.4 |
2022-05-26 | CVE-2022-26694 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed with improved checks. | 6.4 |
2022-05-26 | CVE-2022-1899 | Radare | Out-of-bounds Read vulnerability in Radare Radare2 Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | 6.4 |
2022-05-25 | CVE-2021-27779 | Hcltech | Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1 VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. | 6.4 |
2022-05-24 | CVE-2020-4926 | IBM | Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. | 6.4 |
2022-05-24 | CVE-2013-10002 | Telecomsoftware | Use of Hard-coded Credentials vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. | 6.4 |
2022-05-27 | CVE-2022-20666 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20667 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20668 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20669 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20670 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20671 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20672 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20673 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-27 | CVE-2022-20674 | Cisco | Cross-site Scripting vulnerability in Cisco Common Services Platform Collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-05-26 | CVE-2021-4232 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul ZOO Management System 1.0 A vulnerability classified as problematic has been found in Zoo Management System 1.0. | 6.1 |
2022-05-26 | CVE-2022-22577 | Rubyonrails Debian | Cross-site Scripting vulnerability in multiple products An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | 6.1 |
2022-05-26 | CVE-2022-27777 | Rubyonrails Debian | Cross-site Scripting vulnerability in multiple products A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | 6.1 |
2022-05-24 | CVE-2021-42659 | Tenda | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda AC9 Firmware 15.03.05.19(6318)/15.03.06.42Multi There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. | 6.1 |
2022-05-23 | CVE-2022-29004 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul E-Diary Management System 1.0 Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | 6.1 |
2022-05-23 | CVE-2022-29005 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Birth Certificate System 1.2 Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. | 6.1 |
2022-05-24 | CVE-2021-3597 | Redhat Netapp | Race Condition vulnerability in multiple products A flaw was found in undertow. | 5.9 |
2022-05-24 | CVE-2021-3629 | Redhat Netapp | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 5.9 |
2022-05-27 | CVE-2022-1907 | Libmobi Project | Out-of-bounds Read vulnerability in Libmobi Project Libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 5.8 |
2022-05-27 | CVE-2022-1908 | Libmobi Project | Out-of-bounds Read vulnerability in Libmobi Project Libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 5.8 |
2022-05-26 | CVE-2022-26773 | Apple | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved state management. | 5.8 |
2022-05-26 | CVE-2022-26697 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue was addressed with improved input validation. | 5.8 |
2022-05-26 | CVE-2022-26698 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue was addressed with improved bounds checking. | 5.8 |
2022-05-26 | CVE-2022-22616 | Apple | Unspecified vulnerability in Apple mac OS X and Macos This issue was addressed with improved checks. | 5.5 |
2022-05-26 | CVE-2022-22663 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved checks to prevent unauthorized actions. | 5.5 |
2022-05-26 | CVE-2022-22676 | Apple | Unspecified vulnerability in Apple Macos 12.0.0/12.0.1/12.1 An event handler validation issue in the XPC Services API was addressed by removing the service. | 5.5 |
2022-05-25 | CVE-2022-31650 | SOX Project | Incorrect Comparison vulnerability in SOX Project SOX 14.4.2 In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | 5.5 |
2022-05-25 | CVE-2022-31651 | SOX Project | Reachable Assertion vulnerability in SOX Project SOX 14.4.2 In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | 5.5 |
2022-05-25 | CVE-2022-31621 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-25 | CVE-2022-31622 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-25 | CVE-2022-31623 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-25 | CVE-2022-31624 | Mariadb | Improper Locking vulnerability in Mariadb MariaDB Server before 10.7 is vulnerable to Denial of Service. | 5.5 |
2022-05-24 | CVE-2022-1669 | Circutor | Stack-based Buffer Overflow vulnerability in Circutor Compact Dc-S Basic Firmware 1.2.17 A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. | 5.5 |
2022-05-24 | CVE-2022-1849 | Filegator | Session Fixation vulnerability in Filegator Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. | 5.5 |
2022-05-24 | CVE-2022-1850 | Filegator | Path Traversal vulnerability in Filegator Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. | 5.5 |
2022-05-24 | CVE-2022-29237 | Apereo | Improper Authentication vulnerability in Apereo Opencast Opencast is a free and open source solution for automated video capture and distribution at scale. | 5.5 |
2022-05-23 | CVE-2022-28998 | Xlightftpd | Out-of-bounds Write vulnerability in Xlightftpd Xlight FTP 3.9.3.2 Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. | 5.5 |
2022-05-29 | CVE-2022-1928 | Gitea | Cross-site Scripting vulnerability in Gitea Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | 5.4 |
2022-05-27 | CVE-2022-20802 | Cisco | Cross-site Scripting vulnerability in Cisco Enterprise Chat and Email A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 5.4 |
2022-05-24 | CVE-2022-30464 | Chatbot APP With Suggestion Project | Cross-site Scripting vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | 5.4 |
2022-05-23 | CVE-2022-1811 | Publify Project | Unrestricted Upload of File with Dangerous Type vulnerability in Publify Project Publify Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | 5.4 |
2022-05-23 | CVE-2022-0900 | Netdatasoft | Cross-site Scripting vulnerability in Netdatasoft Divvy Drive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0. | 5.4 |
2022-05-23 | CVE-2022-1816 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul ZOO Management System 1.0 A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. | 5.4 |
2022-05-23 | CVE-2022-1817 | Badminton Center Management System Project | Cross-site Scripting vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 A vulnerability, which was classified as problematic, was found in Badminton Center Management System. | 5.4 |
2022-05-24 | CVE-2021-32964 | Aggsoft | Path Traversal vulnerability in Aggsoft Webserver The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. | 5.3 |
2022-05-27 | CVE-2022-25878 | Protobufjs Project | Unspecified vulnerability in Protobufjs Project Protobufjs The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. | 5.0 |
2022-05-27 | CVE-2021-27780 | Hcltech | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.0 |
2022-05-26 | CVE-2022-26725 | Apple | Unspecified vulnerability in Apple Macos A logic issue was addressed with improved state management. | 5.0 |
2022-05-26 | CVE-2022-22673 | Apple | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved checks. | 5.0 |
2022-05-26 | CVE-2021-33014 | Kuka | Use of Hard-coded Credentials vulnerability in Kuka KR C4 Firmware and KSS An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | 5.0 |
2022-05-26 | CVE-2021-33016 | Kuka | Use of Hard-coded Credentials vulnerability in Kuka KR C4 Firmware and KSS An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. | 5.0 |
2022-05-26 | CVE-2022-30473 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in the function form_fast_setting_wifi_set. | 5.0 |
2022-05-26 | CVE-2022-30475 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318) Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | 5.0 |
2022-05-26 | CVE-2022-29720 | 74Cms | Files or Directories Accessible to External Parties vulnerability in 74Cms 74Cmsse 3.5.1 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | 5.0 |
2022-05-26 | CVE-2022-29721 | 74Cms | SQL Injection vulnerability in 74Cms 74Cmsse 3.5.1 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | 5.0 |
2022-05-25 | CVE-2022-30427 | Ginadmin Project | Path Traversal vulnerability in Ginadmin Project Ginadmin In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. | 5.0 |
2022-05-25 | CVE-2022-30428 | Ginadmin Project | Files or Directories Accessible to External Parties vulnerability in Ginadmin Project Ginadmin In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | 5.0 |
2022-05-25 | CVE-2021-32997 | Bakerhughes | Use of Password Hash With Insufficient Computational Effort vulnerability in Bakerhughes products The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. | 5.0 |
2022-05-25 | CVE-2022-1815 | Diagrams | Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | 5.0 |
2022-05-24 | CVE-2013-10004 | Telecomsoftware | Improper Restriction of Excessive Authentication Attempts vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. | 5.0 |
2022-05-24 | CVE-2021-4230 | Airfield Online Project | Improper Authentication vulnerability in Airfield Online Project Airfield Online A vulnerability has been found in Airfield Online and classified as problematic. | 5.0 |
2022-05-24 | CVE-2022-29219 | Chainsafe | Integer Overflow or Wraparound vulnerability in Chainsafe Lodestar Lodestar is a TypeScript implementation of the Ethereum Consensus specification. | 5.0 |
2022-05-24 | CVE-2022-29242 | Gost Engine Project | Classic Buffer Overflow vulnerability in Gost Engine Project Gost Engine GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. | 5.0 |
2022-05-24 | CVE-2022-29567 | Vaadin | Information Exposure vulnerability in Vaadin The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side. | 5.0 |
2022-05-24 | CVE-2022-31263 | Joinmastodon | Unspecified vulnerability in Joinmastodon Mastodon app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. | 5.0 |
2022-05-24 | CVE-2022-29309 | Mysiteforme Project | Server-Side Request Forgery (SSRF) vulnerability in Mysiteforme Project Mysiteforme 2.2.1 mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | 5.0 |
2022-05-24 | CVE-2022-29377 | Totolink | Out-of-bounds Write vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102 Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. | 5.0 |
2022-05-23 | CVE-2022-31487 | Inoutscripts | SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger and Blockchain Fiatexchanger Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. | 5.0 |
2022-05-23 | CVE-2022-31488 | Inoutscripts | SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger 1.2.1 Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | 5.0 |
2022-05-23 | CVE-2022-31489 | Inoutscripts | SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger 1.2.1 Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | 5.0 |
2022-05-23 | CVE-2022-28997 | Cszcms | Server-Side Request Forgery (SSRF) vulnerability in Cszcms 1.3.0 CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | 5.0 |
2022-05-23 | CVE-2022-28874 | F Secure Withsecure | Out-of-bounds Write vulnerability in multiple products Multiple Denial-of-Service vulnerabilities were discovered in F-Secure Atlant and in certain WithSecure products: scanning fuzzed PE32-bit files causes memory corruption and a heap buffer overflow, which can eventually crash the scanning engine. | 5.0 |
2022-05-26 | CVE-2022-22674 | Apple | Out-of-bounds Read vulnerability in Apple mac OS X and Macos An out-of-bounds read issue existed that led to the disclosure of kernel memory. | 4.9 |
2022-05-26 | CVE-2022-26688 | Apple | Link Following vulnerability in Apple mac OS X and Macos An issue in the handling of symlinks was addressed with improved validation. | 4.9 |
2022-05-26 | CVE-2022-29082 | Dell | Improper Certificate Validation vulnerability in Dell EMC Networker Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6, 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in RabbitMQ port 5671 which could allow remote attackers to spoof certificates. | 4.9 |
2022-05-27 | CVE-2022-20765 | Cisco | Cross-site Scripting vulnerability in Cisco UCS Director A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. | 4.8 |
2022-05-24 | CVE-2022-1819 | Student Information System Project | Cross-site Scripting vulnerability in Student Information System Project Student Information System 1.0 A vulnerability, which was classified as problematic, was found in Student Information System 1.0. | 4.8 |
2022-05-24 | CVE-2022-1840 | Home Clean Services Management System Project | Cross-site Scripting vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0 A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. | 4.8 |
2022-05-24 | CVE-2022-22309 | IBM | Missing Authentication for Critical Function vulnerability in IBM Power System S922 Firmware The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. | 4.6 |
2022-05-23 | CVE-2022-31467 | Quickheal | Uncontrolled Search Path Element vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00 A DLL hijacking vulnerability in the installer for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | 4.4 |
2022-05-26 | CVE-2022-26745 | Apple | Out-of-bounds Write vulnerability in Apple Macos A memory corruption issue was addressed with improved validation. | 4.3 |
2022-05-26 | CVE-2022-26746 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed by removing the vulnerable code. | 4.3 |
2022-05-26 | CVE-2022-26755 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed with improved environment sanitization. | 4.3 |
2022-05-26 | CVE-2022-26766 | Apple | Improper Certificate Validation vulnerability in Apple products A certificate parsing issue was addressed with improved checks. | 4.3 |
2022-05-26 | CVE-2022-26767 | Apple | Incorrect Authorization vulnerability in Apple Macos The issue was addressed with additional permissions checks. | 4.3 |
2022-05-26 | CVE-2022-31648 | Talend | Cross-site Scripting vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. | 4.3 |
2022-05-26 | CVE-2022-26706 | Apple | Unspecified vulnerability in Apple products An access issue was addressed with additional sandbox restrictions on third-party applications. | 4.3 |
2022-05-26 | CVE-2022-26712 | Apple | Unspecified vulnerability in Apple Macos This issue was addressed by removing the vulnerable code. | 4.3 |
2022-05-26 | CVE-2022-26726 | Apple | Unspecified vulnerability in Apple mac OS X This issue was addressed with improved checks. | 4.3 |
2022-05-26 | CVE-2022-26727 | Apple | Unspecified vulnerability in Apple mac OS X and Macos This issue was addressed with improved entitlements. | 4.3 |
2022-05-26 | CVE-2022-26728 | Apple | Unspecified vulnerability in Apple mac OS X and Macos This issue was addressed with improved entitlements. | 4.3 |
2022-05-26 | CVE-2022-26731 | Apple | Unspecified vulnerability in Apple Iphone OS and Macos A logic issue was addressed with improved state management. | 4.3 |
2022-05-26 | CVE-2022-29091 | Dell | Cross-site Scripting vulnerability in Dell products Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. | 4.3 |
2022-05-26 | CVE-2021-42692 | Tinytoml Project | Out-of-bounds Write vulnerability in Tinytoml Project Tinytoml 0.4 There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. | 4.3 |
2022-05-25 | CVE-2022-29251 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. | 4.3 |
2022-05-25 | CVE-2022-29252 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. | 4.3 |
2022-05-25 | CVE-2022-28875 | F Secure | Improper Resource Shutdown or Release vulnerability in F-Secure products A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aemobile component can crash the scanning engine. | 4.3 |
2022-05-25 | CVE-2022-29408 | Vsourz | Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 4.3 |
2022-05-25 | CVE-2021-32966 | Philips | Cleartext Transmission of Sensitive Information vulnerability in Philips Interoperability Solution XDS Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. | 4.3 |
2022-05-25 | CVE-2021-32989 | Lcds | Cross-site Scripting vulnerability in Lcds Laquis Scada When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. | 4.3 |
2022-05-25 | CVE-2021-44974 | Radare | NULL Pointer Dereference vulnerability in Radare Radare2 radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. | 4.3 |
2022-05-25 | CVE-2022-29349 | Keking | Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0 kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | 4.3 |
2022-05-25 | CVE-2022-29358 | Epub2Txt2 Project | Integer Overflow or Wraparound vulnerability in Epub2Txt2 Project Epub2Txt2 2.04 epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. | 4.3 |
2022-05-25 | CVE-2022-29359 | School Club Application System Project | Cross-site Scripting vulnerability in School Club Application System Project School Club Application System 1.0 A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | 4.3 |
2022-05-25 | CVE-2022-29710 | Limesurvey | Cross-site Scripting vulnerability in Limesurvey A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | 4.3 |
2022-05-24 | CVE-2021-32962 | Aggsoft | Cross-site Scripting vulnerability in Aggsoft Webserver The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code. | 4.3 |
2022-05-24 | CVE-2021-44975 | Radare | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Radare Radare2 5.5.2 radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. | 4.3 |
2022-05-24 | CVE-2022-30839 | Room Rent Portal Site Project | Cross-site Scripting vulnerability in Room Rent Portal Site Project Room Rent Portal Site 1.0 Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | 4.3 |
2022-05-24 | CVE-2022-31261 | Morpheusdata | XXE vulnerability in Morpheusdata Morpheus An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. | 4.3 |
2022-05-24 | CVE-2022-1848 | Erudika | Unspecified vulnerability in Erudika Para Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. | 4.3 |
2022-05-24 | CVE-2022-0734 | Zyxel | Cross-site Scripting vulnerability in Zyxel products A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | 4.3 |
2022-05-23 | CVE-2022-1810 | Publify Project | Authorization Bypass Through User-Controlled Key vulnerability in Publify Project Publify Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | 4.3 |
2022-05-23 | CVE-2022-0346 | Xmlsitemapgenerator | Cross-site Scripting vulnerability in Xmlsitemapgenerator XML Sitemap Generator The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | 4.3 |
2022-05-23 | CVE-2022-1192 | Turn OFF ALL Comments Project | Cross-site Scripting vulnerability in Turn OFF ALL Comments Project Turn OFF ALL Comments The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 4.3 |
2022-05-23 | CVE-2022-1218 | Duogeek | Cross-site Scripting vulnerability in Duogeek Domain Replace The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | 4.3 |
2022-05-23 | CVE-2022-1221 | Gwyn S Imagemap Selector Project | Cross-site Scripting vulnerability in Gwyn'S Imagemap Selector Project Gwyn'S Imagemap Selector The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. | 4.3 |
2022-05-23 | CVE-2022-1268 | Donate Extra Project | Cross-site Scripting vulnerability in Donate Extra Project Donate Extra 2.02 The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting. | 4.3 |
2022-05-23 | CVE-2022-1547 | Wpchill | Cross-site Scripting vulnerability in Wpchill Check & LOG Email The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. | 4.3 |
2022-05-26 | CVE-2022-24414 | Dell | Information Exposure vulnerability in Dell Cloudlink Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. | 4.0 |
2022-05-25 | CVE-2022-29253 | Xwiki | Path Traversal vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.0 |
2022-05-25 | CVE-2021-27783 | Hcltech | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 4.0 |
2022-05-25 | CVE-2021-35487 | Nokia | SQL Injection vulnerability in Nokia Broadcast Message Center Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. | 4.0 |
2022-05-24 | CVE-2022-0910 | Zyxel | Improper Authentication vulnerability in Zyxel products A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. | 4.0 |
2022-05-23 | CVE-2021-41714 | Tipask | Download of Code Without Integrity Check vulnerability in Tipask In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd and laravel.log, causing information leakage. | 4.0 |
2022-05-23 | CVE-2021-41834 | Jfrog | Unspecified vulnerability in Jfrog Artifactory JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | 4.0 |
31 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-05-26 | CVE-2021-28508 | Arista | Cleartext Transmission of Sensitive Information vulnerability in Arista EOS and Terminattr This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. | 3.6 |
2022-05-26 | CVE-2021-28509 | Arista | Cleartext Transmission of Sensitive Information vulnerability in Arista EOS and Terminattr This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. | 3.6 |
2022-05-24 | CVE-2022-22977 | Vmware | XXE vulnerability in VMWare Tools VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. | 3.6 |
2022-05-27 | CVE-2021-27781 | Hcltech | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 3.5 |
2022-05-27 | CVE-2022-1909 | Organizr | Cross-site Scripting vulnerability in Organizr Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | 3.5 |
2022-05-26 | CVE-2022-30494 | Automotive Shop Management System Project | Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | 3.5 |
2022-05-26 | CVE-2021-4231 | Angular | Cross-site Scripting vulnerability in Angular A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. | 3.5 |
2022-05-25 | CVE-2022-29380 | Creativeitem | Cross-site Scripting vulnerability in Creativeitem Academy LMS 4.3 Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | 3.5 |
2022-05-25 | CVE-2022-29362 | Zkeacms | Cross-site Scripting vulnerability in Zkeacms 3.5.2 A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. | 3.5 |
2022-05-24 | CVE-2022-30842 | Covid 19 Travel Pass Management System Project | Cross-site Scripting vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0 Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | 3.5 |
2022-05-24 | CVE-2022-30458 | Automotive Shop Management System Project | Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | 3.5 |
2022-05-24 | CVE-2022-30460 | Simple Social Networking Site Project | Cross-site Scripting vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0 Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | 3.5 |
2022-05-24 | CVE-2022-30462 | Water Billing System Project | Cross-site Scripting vulnerability in Water Billing System Project Water Billing System 1.0 Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | 3.5 |
2022-05-24 | CVE-2022-30837 | Toll TAX Management System Project | Cross-site Scripting vulnerability in Toll TAX Management System Project Toll TAX Management System 1.0 Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. | 3.5 |
2022-05-24 | CVE-2021-42656 | Sscms | Cross-site Scripting vulnerability in Sscms Siteserver CMS 6.15.51 SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | 3.5 |
2022-05-24 | CVE-2022-30456 | Badminton Center Management System Project | Cross-site Scripting vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | 3.5 |
2022-05-23 | CVE-2022-30015 | Simple Food Website Project | Cross-site Scripting vulnerability in Simple Food Website Project Simple Food Website 1.0 In Simple Food Website 1.0, a moderator can put a Cross Site Scripting payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php, such as Full Username. This causes stored XSS. | 3.5 |
2022-05-23 | CVE-2021-42233 | Simple Blog Project | Cross-site Scripting vulnerability in Simple Blog Project Simple Blog The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. | 3.5 |
2022-05-23 | CVE-2022-30017 | Rescue Dispatch Management System Project | Cross-site Scripting vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. | 3.5 |
2022-05-23 | CVE-2022-1825 | Collectiveaccess | Cross-site Scripting vulnerability in Collectiveaccess Providence 1.1/1.2/1.3 Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | 3.5 |
2022-05-23 | CVE-2022-1093 | Joomunited | Cross-site Scripting vulnerability in Joomunited WP Meta SEO The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. | 3.5 |
2022-05-23 | CVE-2022-1298 | Wpshopmart | Cross-site Scripting vulnerability in Wpshopmart Tabs Responsive The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2022-05-23 | CVE-2022-1320 | 10Web | Cross-site Scripting vulnerability in 10Web Sliderby10Web The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 3.5 |
2022-05-23 | CVE-2022-1558 | Curtain Project | Cross-site Scripting vulnerability in Curtain Project Curtain The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
2022-05-24 | CVE-2022-22306 | Fortinet | Improper Certificate Validation vulnerability in Fortinet Fortios An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. | 2.9 |
2022-05-26 | CVE-2022-26764 | Apple | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved validation. | 2.6 |
2022-05-26 | CVE-2022-26690 | Apple | Race Condition vulnerability in Apple Macos A race condition was addressed with additional validation. | 2.6 |
2022-05-26 | CVE-2022-26703 | Apple | Unspecified vulnerability in Apple Iphone OS An authorization issue was addressed with improved state management. | 2.4 |
2022-05-26 | CVE-2022-26724 | Apple | Improper Authentication vulnerability in Apple Tvos An authentication issue was addressed with improved state management. | 2.1 |
2022-05-23 | CVE-2021-32958 | Claroty | Unspecified vulnerability in Claroty Secure Remote Access Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). | 2.1 |
2022-05-26 | CVE-2022-26765 | Apple | Race Condition vulnerability in Apple products A race condition was addressed with improved state handling. | 1.9 |