Weekly Vulnerabilities Reports > May 30 to June 5, 2022
Overview
408 new vulnerabilities were reported during this period, including 115 critical vulnerabilities and 169 high severity vulnerabilities. This weekly summary reports vulnerabilities in 273 products from 180 vendors, including Badminton Center Management System Project, Wedding Management System Project, Debian, Totolink, and Netapp. The vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "OS Command Injection", "Unrestricted Upload of File with Dangerous Type", and "Out-of-bounds Write".
- 350 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 211 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 245 reported vulnerabilities are exploitable by an anonymous user.
- Badminton Center Management System Project has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Rescue Dispatch Management System Project has the most reported critical vulnerabilities, with 13 reported vulnerabilities.
Vulnerability Details
The following table lists the reported vulnerabilities for the period covered by this report:
115 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-03 | CVE-2022-26134 | Atlassian | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |
2022-06-03 | CVE-2021-42890 | Totolink | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | 9.8 |
2022-06-03 | CVE-2021-42888 | Totolink | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | 9.8 |
2022-06-03 | CVE-2021-42887 | Totolink | Unspecified vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | 9.8 |
2022-06-03 | CVE-2021-42884 | Totolink | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | 9.8 |
2022-06-03 | CVE-2021-42885 | Totolink | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | 9.8 |
2022-06-03 | CVE-2022-32269 | Realnetworks | Cross-site Scripting vulnerability in Realnetworks Realplayer 20.0.8.310 In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). | 9.8 |
2022-06-03 | CVE-2022-32270 | Realnetworks | Path Traversal vulnerability in Realnetworks Realplayer 20.0.7.309/20.0.8.310 In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. | 9.8 |
2022-06-02 | CVE-2022-30234 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. | 9.8 |
2022-06-02 | CVE-2022-30235 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. | 9.8 |
2022-06-02 | CVE-2022-26869 | Dell | Exposure of Resource to Wrong Sphere vulnerability in Dell Powerstoreos Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. | 9.8 |
2022-06-02 | CVE-2022-29084 | Dell | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. | 9.8 |
2022-06-02 | CVE-2021-42875 | Totolink | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | 9.8 |
2022-06-02 | CVE-2021-45981 | Netscout | XXE vulnerability in Netscout Ngeniusone 6.3.2 NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. | 9.8 |
2022-06-02 | CVE-2021-45983 | Netscout | Unspecified vulnerability in Netscout Ngeniusone 6.3.2 NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | 9.8 |
2022-06-02 | CVE-2022-25163 | Mitsubishi | Improper Input Validation vulnerability in Mitsubishi products Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets. | 9.8 |
2022-06-02 | CVE-2022-29704 | Browsbox | SQL Injection vulnerability in Browsbox Brows BOX 4.0 BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. | 9.8 |
2022-06-02 | CVE-2022-32019 | CAR Rental Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | 9.8 |
2022-06-02 | CVE-2022-31989 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. | 9.8 |
2022-06-02 | CVE-2022-31990 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. | 9.8 |
2022-06-02 | CVE-2022-31991 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. | 9.8 |
2022-06-02 | CVE-2022-31993 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. | 9.8 |
2022-06-02 | CVE-2022-32020 | CAR Rental Management System Project | Unspecified vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. | 9.8 |
2022-06-02 | CVE-2022-32002 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. | 9.8 |
2022-06-02 | CVE-2019-12349 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 9.8 |
2022-06-02 | CVE-2019-12350 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 9.8 |
2022-06-02 | CVE-2019-12351 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 9.8 |
2022-06-02 | CVE-2020-28246 | Form | Injection vulnerability in Form Form.Io 2.0.0 A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. | 9.8 |
2022-06-02 | CVE-2021-26633 | Maxb | SQL Injection vulnerability in Maxb Maxboard SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. | 9.8 |
2022-06-02 | CVE-2021-26634 | Maxb | Unrestricted Upload of File with Dangerous Type vulnerability in Maxb Maxboard SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. | 9.8 |
2022-06-02 | CVE-2021-34079 | Docker Tester Project | OS Command Injection vulnerability in Docker-Tester Project Docker-Tester OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. | 9.8 |
2022-06-02 | CVE-2021-34080 | SSL Utils Project | OS Command Injection vulnerability in Ssl-Utils Project Ssl-Utils OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. | 9.8 |
2022-06-02 | CVE-2021-34082 | Proctree Project | OS Command Injection vulnerability in Proctree Project Proctree 0.1.0/0.1.1 OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. | 9.8 |
2022-06-02 | CVE-2021-34084 | S3 Uploader Project | OS Command Injection vulnerability in S3-Uploader Project S3-Uploader OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | 9.8 |
2022-06-02 | CVE-2021-42872 | Totolink | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | 9.8 |
2022-06-02 | CVE-2021-44095 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | 9.8 |
2022-06-02 | CVE-2021-44096 | Egavilanmedia | SQL Injection vulnerability in Egavilanmedia User Registration and Login System With Admin Panel 1.0 EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. | 9.8 |
2022-06-02 | CVE-2021-44097 | Contact Form With Messages Entry Management Project | SQL Injection vulnerability in Contact-Form-With-Messages-Entry-Management Project Contact-Form-With-Messages-Entry-Management 1.0 EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. | 9.8 |
2022-06-02 | CVE-2021-44098 | Egavilanmedia | SQL Injection vulnerability in Egavilanmedia Expense Management System 1.0 EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. | 9.8 |
2022-06-02 | CVE-2022-1660 | Keysight | Unspecified vulnerability in Keysight N6841A RF Firmware and N6854A Firmware The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2022-06-02 | CVE-2022-24239 | Aceware | Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | 9.8 |
2022-06-02 | CVE-2022-24240 | Aceware | SQL Injection vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. | 9.8 |
2022-06-02 | CVE-2022-24702 | Winaprs | Classic Buffer Overflow vulnerability in Winaprs 2.9.0 An issue was discovered in WinAPRS 2.9.0. | 9.8 |
2022-06-02 | CVE-2022-25237 | Bonitasoft | Unspecified vulnerability in Bonitasoft Bonita web 2021.2 Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. | 9.8 |
2022-06-02 | CVE-2022-28605 | Linkplay | Use of Hard-coded Credentials vulnerability in Linkplay Sound BAR 1.0 Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory | 9.8 |
2022-06-02 | CVE-2022-28945 | Webbank | Path Traversal vulnerability in Webbank Webcube 3.2.2 An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | 9.8 |
2022-06-02 | CVE-2022-29659 | Responsive Online Blog Project | SQL Injection vulnerability in Responsive Online Blog Project Responsive Online Blog 1.0 Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | 9.8 |
2022-06-02 | CVE-2022-29712 | Librenms | Command Injection vulnerability in Librenms 22.3.0 LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | 9.8 |
2022-06-02 | CVE-2022-29730 | USR | Use of Hard-coded Credentials vulnerability in USR products USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. | 9.8 |
2022-06-02 | CVE-2022-29776 | Onlyoffice | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | 9.8 |
2022-06-02 | CVE-2022-29777 | Onlyoffice | Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | 9.8 |
2022-06-02 | CVE-2022-30324 | Hashicorp | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. | 9.8 |
2022-06-02 | CVE-2022-30352 | Phpabook Project | SQL Injection vulnerability in PHPabook Project PHPabook 0.9I phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | 9.8 |
2022-06-02 | CVE-2022-30423 | Merchandise Online Store Project | Unrestricted Upload of File with Dangerous Type vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0 Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | 9.8 |
2022-06-02 | CVE-2022-30470 | Afian | Unspecified vulnerability in Afian Filerun 2022.02.02 In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | 9.8 |
2022-06-02 | CVE-2022-30478 | Ecommerce Project With PHP AND Mysqli Fruits Bazar Project | SQL Injection vulnerability in Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar Project Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar 1.0 Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. | 9.8 |
2022-06-02 | CVE-2022-30481 | Food Order AND Table Reservation System Project | SQL Injection vulnerability in Food-Order-And-Table-Reservation-System Project Food-Order-And-Table-Reservation-System 1.0 Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | 9.8 |
2022-06-02 | CVE-2022-30490 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | 9.8 |
2022-06-02 | CVE-2022-30506 | Mingsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.7 An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | 9.8 |
2022-06-02 | CVE-2022-30510 | School Dormitory Management System Project | SQL Injection vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0 School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | 9.8 |
2022-06-02 | CVE-2022-30511 | School Dormitory Management System Project | SQL Injection vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | 9.8 |
2022-06-02 | CVE-2022-30512 | School Dormitory Management System Project | SQL Injection vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0 School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | 9.8 |
2022-06-02 | CVE-2022-30521 | Dlink | Out-of-bounds Write vulnerability in Dlink Dir-890L Firmware 1.05/1.07B09 The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. | 9.8 |
2022-06-02 | CVE-2022-30797 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0 Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. | 9.8 |
2022-06-02 | CVE-2022-30808 | Elitecms | Unrestricted Upload of File with Dangerous Type vulnerability in Elitecms Elite CMS 1.01 elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | 9.8 |
2022-06-02 | CVE-2022-30809 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.01 elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. | 9.8 |
2022-06-02 | CVE-2022-30810 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.01 elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. | 9.8 |
2022-06-02 | CVE-2022-30813 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.01 elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. | 9.8 |
2022-06-02 | CVE-2022-30814 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.01 elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. | 9.8 |
2022-06-02 | CVE-2022-30815 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.01 elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | 9.8 |
2022-06-02 | CVE-2022-30816 | Elitecms | SQL Injection vulnerability in Elitecms Elite CMS 1.01 elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. | 9.8 |
2022-06-02 | CVE-2022-30817 | Simple BUS Ticket Booking System Project | SQL Injection vulnerability in Simple BUS Ticket Booking System Project Simple BUS Ticket Booking System 1.0 Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. | 9.8 |
2022-06-02 | CVE-2022-31327 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. | 9.8 |
2022-06-02 | CVE-2022-31328 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | 9.8 |
2022-06-02 | CVE-2022-31329 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | 9.8 |
2022-06-02 | CVE-2022-31335 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | 9.8 |
2022-06-02 | CVE-2022-31336 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | 9.8 |
2022-06-02 | CVE-2022-31337 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. | 9.8 |
2022-06-02 | CVE-2022-31338 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | 9.8 |
2022-06-02 | CVE-2022-31340 | Simple Inventory System Project | SQL Injection vulnerability in Simple Inventory System Project Simple Inventory System 1.0 Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | 9.8 |
2022-06-02 | CVE-2022-31343 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | 9.8 |
2022-06-02 | CVE-2022-31344 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | 9.8 |
2022-06-02 | CVE-2022-31345 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | 9.8 |
2022-06-02 | CVE-2022-31346 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | 9.8 |
2022-06-02 | CVE-2022-31347 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | 9.8 |
2022-06-02 | CVE-2022-31348 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31350 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31351 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31352 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31353 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31354 | Online CAR Wash Booking System Project | SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | 9.8 |
2022-06-02 | CVE-2022-31799 | Bottlepy Debian Fedoraproject | Improper Handling of Exceptional Conditions vulnerability in multiple products Bottle before 0.12.20 mishandles errors during early request binding. | 9.8 |
2022-06-02 | CVE-2022-31946 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. | 9.8 |
2022-06-02 | CVE-2022-31948 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. | 9.8 |
2022-06-02 | CVE-2022-31951 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. | 9.8 |
2022-06-02 | CVE-2022-31952 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. | 9.8 |
2022-06-02 | CVE-2022-31953 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31956 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31957 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31959 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31961 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31962 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31964 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31965 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. | 9.8 |
2022-06-02 | CVE-2022-31969 | Chatbot APP With Suggestion Project | SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | 9.8 |
2022-06-02 | CVE-2022-31976 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. | 9.8 |
2022-06-02 | CVE-2022-31977 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. | 9.8 |
2022-06-02 | CVE-2022-31978 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. | 9.8 |
2022-06-01 | CVE-2022-29875 | Siemens | Deserialization of Untrusted Data vulnerability in Siemens products A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). | 9.8 |
2022-05-31 | CVE-2022-31013 | Chat Server Project | Improper Input Validation vulnerability in Chat Server Project Chat Server Chat Server is the chat server for Vartalap, an open-source messaging application. | 9.8 |
2022-05-31 | CVE-2022-31003 | Signalwire Debian | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 9.8 |
2022-05-30 | CVE-2022-1556 | Era404 | Unspecified vulnerability in Era404 Stafflist The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection | 9.8 |
2022-06-03 | CVE-2022-32271 | Realnetworks | Cross-site Scripting vulnerability in Realnetworks Realplayer 20.0.8.310 In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. | 9.6 |
2022-06-02 | CVE-2021-33473 | Dragonfly Project | Argument Injection or Modification vulnerability in Dragonfly Project Dragonfly 1.3.0 An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. | 9.1 |
2022-06-02 | CVE-2022-31945 | Rescue Dispatch Management System Project | Unspecified vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img. | 9.1 |
169 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-05 | CVE-2022-32291 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. | 8.8 |
2022-06-03 | CVE-2022-29778 | Dlink | Unspecified vulnerability in Dlink Dir-890L Firmware D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | 8.8 |
2022-06-03 | CVE-2022-26493 | Drupal | Improper Certificate Validation vulnerability in Drupal Saml SP 2.0 Single Sign on Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. | 8.8 |
2022-06-03 | CVE-2022-32268 | Starwindsoftware | Unspecified vulnerability in Starwindsoftware Starwind SAN & NAS 0.2 StarWind SAN and NAS v0.2 build 1914 allow remote code execution. | 8.8 |
2022-06-02 | CVE-2022-30232 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Powerlogic ION Setup Firmware A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. | 8.8 |
2022-06-02 | CVE-2022-30238 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. | 8.8 |
2022-06-02 | CVE-2022-31462 | Owllabs | Use of Hard-coded Credentials vulnerability in Owllabs Meeting OWL PRO Firmware 5.2.0.15 Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | 8.8 |
2022-06-02 | CVE-2021-45982 | Netscout | Unrestricted Upload of File with Dangerous Type vulnerability in Netscout Ngeniusone 6.3.2 NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. | 8.8 |
2022-06-02 | CVE-2020-20971 | Pbootcms | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 2.0.3 Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. | 8.8 |
2022-06-02 | CVE-2021-32546 | Gogs | Unspecified vulnerability in Gogs Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. | 8.8 |
2022-06-02 | CVE-2021-34078 | ADP | OS Command Injection vulnerability in ADP Lifion-Verifiy-Dependencies lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. | 8.8 |
2022-06-02 | CVE-2021-34081 | Gitsome Project | OS Command Injection vulnerability in Gitsome Project Gitsome OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. | 8.8 |
2022-06-02 | CVE-2022-22767 | BD | Insufficiently Protected Credentials vulnerability in BD products Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. | 8.8 |
2022-06-02 | CVE-2022-28799 | Tiktok | Forced Browsing vulnerability in Tiktok The TikTok application before 23.7.3 for Android allows account takeover. | 8.8 |
2022-06-02 | CVE-2022-29624 | Tpcms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Tpcms Project Tpcms 3.2 An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
2022-06-02 | CVE-2022-29647 | Mingsoft | Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7 An issue was discovered in MCMS 5.2.7. | 8.8 |
2022-06-02 | CVE-2022-29725 | Creatiwity | Unrestricted Upload of File with Dangerous Type vulnerability in Creatiwity Witycms 0.6.2 An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
2022-06-02 | CVE-2022-29735 | Deltacontrols | Cross-Site Request Forgery (CSRF) vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | 8.8 |
2022-06-02 | CVE-2022-30425 | Tenda | OS Command Injection vulnerability in Tenda HG6 Firmware 3.3.0210926 Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. | 8.8 |
2022-06-02 | CVE-2022-30819 | Wedding Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0 In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. | 8.8 |
2022-06-02 | CVE-2022-30820 | Wedding Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0 In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. | 8.8 |
2022-06-02 | CVE-2022-30821 | Wedding Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0 In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. | 8.8 |
2022-06-02 | CVE-2022-30822 | Wedding Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0 In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. | 8.8 |
2022-06-01 | CVE-2022-24848 | Dhis2 | SQL Injection vulnerability in Dhis2 Dhis 2 DHIS2 is an information system for data capture, management, validation, analytics and visualization. | 8.8 |
2022-05-31 | CVE-2022-1808 | Trudesk Project | Unspecified vulnerability in Trudesk Project Trudesk Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | 8.8 |
2022-05-31 | CVE-2021-3555 | Eufylife | Classic Buffer Overflow vulnerability in Eufylife products A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. | 8.8 |
2022-05-30 | CVE-2022-1611 | Bulk Page Creator Project | Unspecified vulnerability in Bulk Page Creator Project Bulk Page Creator The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF. | 8.8 |
2022-06-02 | CVE-2022-1797 | Rockwellautomation | Unspecified vulnerability in Rockwellautomation products A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. | 8.6 |
2022-06-02 | CVE-2022-30034 | Flower Project | Improper Authentication vulnerability in Flower Project Flower Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. | 8.6 |
2022-06-02 | CVE-2022-30236 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. | 8.2 |
2022-06-03 | CVE-2022-1987 | Libmobi Project | Out-of-bounds Read vulnerability in Libmobi Project Libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 8.1 |
2022-06-02 | CVE-2021-34083 | Google IT Project | OS Command Injection vulnerability in Google-It Project Google-It Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. | 8.1 |
2022-06-02 | CVE-2022-27778 | Haxx Netapp Oracle Splunk | Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | 8.1 |
2022-05-31 | CVE-2022-1931 | Trudesk Project | Improper Synchronization vulnerability in Trudesk Project Trudesk Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | 8.1 |
2022-06-02 | CVE-2022-26867 | Dell | Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell Powerstoreos PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. | 8.0 |
2022-06-02 | CVE-2022-29594 | Eginnovations | Improper Preservation of Permissions vulnerability in Eginnovations products eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | 7.8 |
2022-06-02 | CVE-2022-22557 | Dell | Insufficiently Protected Credentials vulnerability in Dell Powerstoreos PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. | 7.8 |
2022-06-02 | CVE-2022-26868 | Dell | OS Command Injection vulnerability in Dell Powerstoreos Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. | 7.8 |
2022-06-02 | CVE-2022-32250 | Linux Fedoraproject Debian Netapp | Use After Free vulnerability in multiple products net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | 7.8 |
2022-06-02 | CVE-2022-32200 | Libdwarf Project | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 0.4.0 libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | 7.8 |
2022-06-02 | CVE-2021-26635 | Bandisoft | Type Confusion vulnerability in Bandisoft ARK Library In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. | 7.8 |
2022-06-02 | CVE-2021-42195 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20201222. | 7.8 |
2022-06-02 | CVE-2021-42197 | Swftools | Memory Leak vulnerability in Swftools An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. | 7.8 |
2022-06-02 | CVE-2021-42199 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20201222. | 7.8 |
2022-06-02 | CVE-2021-42201 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20201222. | 7.8 |
2022-06-02 | CVE-2021-42203 | Swftools | Use After Free vulnerability in Swftools An issue was discovered in swftools through 20201222. | 7.8 |
2022-06-02 | CVE-2021-42204 | Swftools | Out-of-bounds Write vulnerability in Swftools An issue was discovered in swftools through 20201222. | 7.8 |
2022-06-02 | CVE-2022-1215 | Freedesktop | Use of Externally-Controlled Format String vulnerability in Freedesktop Libinput A format string vulnerability was found in libinput | 7.8 |
2022-06-02 | CVE-2022-1419 | Linux Debian | Use After Free vulnerability in multiple products The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease the refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object. | 7.8 |
2022-06-02 | CVE-2022-1652 | Linux Redhat Debian Netapp | Use After Free vulnerability in multiple products Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. | 7.8 |
2022-06-02 | CVE-2022-1786 | Linux Netapp | Type Confusion vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. | 7.8 |
2022-06-02 | CVE-2022-1943 | Linux | Out-of-bounds Write vulnerability in Linux Kernel A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). | 7.8 |
2022-06-02 | CVE-2022-1968 | VIM Debian Apple | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-06-02 | CVE-2022-24701 | Winaprs | Classic Buffer Overflow vulnerability in Winaprs 2.9.0 An issue was discovered in WinAPRS 2.9.0. | 7.8 |
2022-06-02 | CVE-2022-27184 | Hornerautomation | Out-of-bounds Write vulnerability in Hornerautomation Cscape The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | 7.8 |
2022-06-02 | CVE-2022-28690 | Hornerautomation | Access of Uninitialized Pointer vulnerability in Hornerautomation Cscape The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | 7.8 |
2022-06-02 | CVE-2022-29483 | ABB | Incorrect Default Permissions vulnerability in ABB E-Design Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | 7.8 |
2022-06-02 | CVE-2022-29488 | Hornerautomation | Access of Uninitialized Pointer vulnerability in Hornerautomation Cscape The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | 7.8 |
2022-06-02 | CVE-2022-29692 | Unicorn Engine | Use After Free vulnerability in Unicorn-Engine Unicorn Engine 1.0.3 Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. | 7.8 |
2022-06-02 | CVE-2022-30540 | Hornerautomation | Access of Uninitialized Pointer vulnerability in Hornerautomation Cscape The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | 7.8 |
2022-06-02 | CVE-2022-31500 | Knime | Incorrect Default Permissions vulnerability in Knime Analytics Platform In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | 7.8 |
2022-06-02 | CVE-2022-31782 | Freedesktop | Out-of-bounds Write vulnerability in Freedesktop Freetype Demo Programs ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | 7.8 |
2022-05-31 | CVE-2022-31011 | Pingcap | Unspecified vulnerability in Pingcap Tidb 5.3.0 TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. | 7.8 |
2022-05-31 | CVE-2022-1942 | VIM Fedoraproject Apple Debian | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-05-31 | CVE-2022-1934 | Mruby | Use After Free vulnerability in Mruby Use After Free in GitHub repository mruby/mruby prior to 3.2. | 7.8 |
2022-06-03 | CVE-2021-42893 | Totolink | Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. | 7.5 |
2022-06-03 | CVE-2021-42891 | Totolink | Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. | 7.5 |
2022-06-03 | CVE-2021-42889 | Totolink | Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. | 7.5 |
2022-06-03 | CVE-2021-42886 | Totolink | Information Exposure vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | 7.5 |
2022-06-02 | CVE-2022-30237 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. | 7.5 |
2022-06-02 | CVE-2022-22556 | Dell | Resource Exhaustion vulnerability in Dell Powerstoreos Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. | 7.5 |
2022-06-02 | CVE-2021-42877 | Totolink | Unspecified vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | 7.5 |
2022-06-02 | CVE-2022-31023 | Lightbend | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
2022-06-02 | CVE-2022-31018 | Lightbend | Unspecified vulnerability in Lightbend Play Framework Play Framework is a web framework for Java and Scala. | 7.5 |
2022-06-02 | CVE-2021-33254 | Embedthis | NULL Pointer Dereference vulnerability in Embedthis Appweb 8.2.1 An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream parameter to the parseUri function. | 7.5 |
2022-06-02 | CVE-2021-33615 | RSA | Unrestricted Upload of File with Dangerous Type vulnerability in RSA Archer RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | 7.5 |
2022-06-02 | CVE-2021-40186 | Dnnsoftware | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. | 7.5 |
2022-06-02 | CVE-2021-43306 | Jqueryvalidation | Unspecified vulnerability in Jqueryvalidation Jquery Validation An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method | 7.5 |
2022-06-02 | CVE-2021-43307 | Semver Regex Project | Unspecified vulnerability in Semver-Regex Project Semver-Regex An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method | 7.5 |
2022-06-02 | CVE-2021-43308 | Markdown Link Extractor Project | Unspecified vulnerability in Markdown-Link-Extractor Project Markdown-Link-Extractor An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function | 7.5 |
2022-06-02 | CVE-2022-1661 | Keysight | Path Traversal vulnerability in Keysight N6841A RF Firmware and N6854A Firmware The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | 7.5 |
2022-06-02 | CVE-2022-1929 | Devcert Project | Unspecified vulnerability in Devcert Project Devcert An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method | 7.5 |
2022-06-02 | CVE-2022-1949 | Redhat Fedoraproject | Authorization Bypass Through User-Controlled Key vulnerability in multiple products An access control bypass vulnerability found in 389-ds-base. | 7.5 |
2022-06-02 | CVE-2022-24241 | Aceware | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | 7.5 |
2022-06-02 | CVE-2022-24581 | Aceware | Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. | 7.5 |
2022-06-02 | CVE-2022-24700 | Winaprs | Classic Buffer Overflow vulnerability in Winaprs 2.9.0 An issue was discovered in WinAPRS 2.9.0. | 7.5 |
2022-06-02 | CVE-2022-26975 | Barco | Improper Authentication vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | 7.5 |
2022-06-02 | CVE-2022-27775 | Haxx Debian Netapp Brocade Splunk | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead. | 7.5 |
2022-06-02 | CVE-2022-27780 | Haxx Netapp Splunk | Server-Side Request Forgery (SSRF) vulnerability in multiple products The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/` would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. | 7.5 |
2022-06-02 | CVE-2022-27781 | Haxx Debian Netapp Splunk | Infinite Loop vulnerability in multiple products libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. | 7.5 |
2022-06-02 | CVE-2022-27782 | Haxx Debian Splunk | Improper Certificate Validation vulnerability in multiple products libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. | 7.5 |
2022-06-02 | CVE-2022-29693 | Unicorn Engine | Memory Leak vulnerability in Unicorn-Engine Unicorn Engine Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | 7.5 |
2022-06-02 | CVE-2022-29694 | Unicorn Engine | NULL Pointer Dereference vulnerability in Unicorn-Engine Unicorn Engine Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. | 7.5 |
2022-06-02 | CVE-2022-29695 | Unicorn Engine | Improper Initialization vulnerability in Unicorn-Engine Unicorn Engine Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | 7.5 |
2022-06-02 | CVE-2022-29729 | Verizon | Weak Password Requirements vulnerability in Verizon 4G LTE Network Extender Firmware 0.4.038.2131/Ga4.38 Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | 7.5 |
2022-06-02 | CVE-2022-30496 | MV | SQL Injection vulnerability in MV Idce 1.0 SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. | 7.5 |
2022-06-02 | CVE-2022-31004 | Mitre | Cleartext Storage of Sensitive Information vulnerability in Mitre Cve-Services CVEProject/cve-services is an open source project used to operate the CVE services API. | 7.5 |
2022-06-01 | CVE-2022-29169 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 7.5 |
2022-06-01 | CVE-2020-26184 | Dell Oracle | Improper Certificate Validation vulnerability in multiple products Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. | 7.5 |
2022-06-01 | CVE-2020-26185 | Dell Oracle | Out-of-bounds Read vulnerability in multiple products Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. | 7.5 |
2022-06-01 | CVE-2022-29098 | Dell | Weak Password Requirements vulnerability in Dell Powerscale Onefs Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. | 7.5 |
2022-05-31 | CVE-2022-31001 | Signalwire Debian | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 7.5 |
2022-05-31 | CVE-2022-31005 | Vapor | Unspecified vulnerability in Vapor Vapor is an HTTP web framework for Swift. | 7.5 |
2022-05-31 | CVE-2022-31002 | Signalwire Debian | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. | 7.5 |
2022-05-31 | CVE-2022-23082 | Mend | Path Traversal vulnerability in Mend Curekit In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. | 7.5 |
2022-05-30 | CVE-2022-1589 | Change WP Admin Login Project | Incorrect Authorization vulnerability in Change Wp-Admin Login Project Change Wp-Admin Login The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. | 7.5 |
2022-06-02 | CVE-2022-31460 | Owllabs | Use of Hard-coded Credentials vulnerability in Owllabs Meeting OWL PRO Firmware 5.2.0.15 Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. | 7.4 |
2022-06-02 | CVE-2022-31985 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. | 7.2 |
2022-06-02 | CVE-2022-31986 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. | 7.2 |
2022-06-02 | CVE-2022-31988 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. | 7.2 |
2022-06-02 | CVE-2022-31992 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. | 7.2 |
2022-06-02 | CVE-2022-31994 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. | 7.2 |
2022-06-02 | CVE-2022-32007 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. | 7.2 |
2022-06-02 | CVE-2022-32008 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. | 7.2 |
2022-06-02 | CVE-2022-32010 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. | 7.2 |
2022-06-02 | CVE-2022-32011 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. | 7.2 |
2022-06-02 | CVE-2022-32012 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. | 7.2 |
2022-06-02 | CVE-2022-32013 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. | 7.2 |
2022-06-02 | CVE-2022-32014 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. | 7.2 |
2022-06-02 | CVE-2022-32015 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. | 7.2 |
2022-06-02 | CVE-2022-32016 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. | 7.2 |
2022-06-02 | CVE-2022-32017 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. | 7.2 |
2022-06-02 | CVE-2022-32018 | Complete Online JOB Search System Project | SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0 Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. | 7.2 |
2022-06-02 | CVE-2022-32021 | CAR Rental Management System Project | SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. | 7.2 |
2022-06-02 | CVE-2022-32022 | CAR Rental Management System Project | SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. | 7.2 |
2022-06-02 | CVE-2022-32024 | CAR Rental Management System Project | SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. | 7.2 |
2022-06-02 | CVE-2022-32025 | CAR Rental Management System Project | SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. | 7.2 |
2022-06-02 | CVE-2022-32026 | CAR Rental Management System Project | SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. | 7.2 |
2022-06-02 | CVE-2022-32027 | CAR Rental Management System Project | SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. | 7.2 |
2022-06-02 | CVE-2022-32028 | CAR Rental Management System Project | SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0 Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | 7.2 |
2022-06-02 | CVE-2022-31996 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. | 7.2 |
2022-06-02 | CVE-2022-31998 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. | 7.2 |
2022-06-02 | CVE-2022-32000 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. | 7.2 |
2022-06-02 | CVE-2022-32001 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. | 7.2 |
2022-06-02 | CVE-2022-32003 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. | 7.2 |
2022-06-02 | CVE-2022-32004 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. | 7.2 |
2022-06-02 | CVE-2022-32005 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. | 7.2 |
2022-06-02 | CVE-2022-32006 | Badminton Center Management System Project | SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0 Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. | 7.2 |
2022-06-02 | CVE-2022-31980 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. | 7.2 |
2022-06-02 | CVE-2022-31981 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. | 7.2 |
2022-06-02 | CVE-2022-31982 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. | 7.2 |
2022-06-02 | CVE-2022-31983 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. | 7.2 |
2022-06-02 | CVE-2022-31984 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. | 7.2 |
2022-06-02 | CVE-2021-44080 | Sercomm | OS Command Injection vulnerability in Sercomm H500S Firmware Lowih500Sv3.4.22 A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to execute arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. | 7.2 |
2022-06-02 | CVE-2022-30794 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0 Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. | 7.2 |
2022-06-02 | CVE-2022-30795 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0 Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. | 7.2 |
2022-06-02 | CVE-2022-30798 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0 Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. | 7.2 |
2022-06-02 | CVE-2022-30799 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0 Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. | 7.2 |
2022-06-02 | CVE-2022-30818 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. | 7.2 |
2022-06-02 | CVE-2022-30823 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php. | 7.2 |
2022-06-02 | CVE-2022-30825 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php. | 7.2 |
2022-06-02 | CVE-2022-30826 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php. | 7.2 |
2022-06-02 | CVE-2022-30827 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php. | 7.2 |
2022-06-02 | CVE-2022-30828 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php. | 7.2 |
2022-06-02 | CVE-2022-30829 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php. | 7.2 |
2022-06-02 | CVE-2022-30830 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php. | 7.2 |
2022-06-02 | CVE-2022-30831 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. | 7.2 |
2022-06-02 | CVE-2022-30832 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. | 7.2 |
2022-06-02 | CVE-2022-30833 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. | 7.2 |
2022-06-02 | CVE-2022-30834 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id=. | 7.2 |
2022-06-02 | CVE-2022-30835 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection. | 7.2 |
2022-06-02 | CVE-2022-30836 | Wedding Management System Project | SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0 Wedding Management System v1.0 is vulnerable to SQL Injection. | 7.2 |
2022-06-02 | CVE-2022-31339 | Simple Inventory System Project | SQL Injection vulnerability in Simple Inventory System Project Simple Inventory System 1.0 Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | 7.2 |
2022-06-02 | CVE-2022-31970 | Chatbot APP With Suggestion Project | SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. | 7.2 |
2022-06-02 | CVE-2022-31971 | Chatbot APP With Suggestion Project | SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. | 7.2 |
2022-06-02 | CVE-2022-31974 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. | 7.2 |
2022-06-02 | CVE-2022-31975 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. | 7.2 |
2022-05-31 | CVE-2022-31007 | Elabftw | Unspecified vulnerability in Elabftw eLabFTW is an electronic lab notebook manager for research teams. | 7.2 |
2022-06-02 | CVE-2022-31463 | Owllabs | Improper Authentication vulnerability in Owllabs Meeting OWL PRO Firmware 5.2.0.15 Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. | 7.1 |
123 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-03 | CVE-2021-43271 | Riverbed | Information Exposure Through Log Files vulnerability in Riverbed Appresponse Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. | 6.8 |
2022-06-02 | CVE-2022-1789 | Linux Fedoraproject Redhat Debian | NULL Pointer Dereference vulnerability in multiple products With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. | 6.8 |
2022-06-02 | CVE-2022-29085 | Dell | Insufficiently Protected Credentials vulnerability in Dell products Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. | 6.7 |
2022-06-03 | CVE-2022-29773 | Aleksis | Unspecified vulnerability in Aleksis An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. | 6.5 |
2022-06-03 | CVE-2022-29767 | Adbyby Project | Allocation of Resources Without Limits or Throttling vulnerability in Adbyby Project Adbyby 2.7 adbyby v2.7 allows external users to make connections via port 8118. | 6.5 |
2022-06-02 | CVE-2022-30233 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. | 6.5 |
2022-06-02 | CVE-2022-31459 | Owllabs | Inadequate Encryption Strength vulnerability in Owllabs Meeting OWL PRO Firmware 5.2.0.15 Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. | 6.5 |
2022-06-02 | CVE-2022-31461 | Owllabs | Missing Authentication for Critical Function vulnerability in Owllabs Meeting OWL PRO Firmware 5.2.0.15 Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. | 6.5 |
2022-06-02 | CVE-2022-31024 | Nextcloud | Unspecified vulnerability in Nextcloud Richdocuments richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. | 6.5 |
2022-06-02 | CVE-2022-1982 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. | 6.5 |
2022-06-02 | CVE-2022-26944 | Percona | Unspecified vulnerability in Percona Xtrabackup 2.4.20 Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. | 6.5 |
2022-06-02 | CVE-2022-29597 | Solutions Atlantic | Path Traversal vulnerability in Solutions-Atlantic Regulatory Reporting System 500 Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). | 6.5 |
2022-06-02 | CVE-2022-27776 | Haxx Fedoraproject Debian Netapp Brocade Splunk | Insufficiently Protected Credentials vulnerability in multiple products An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | 6.5 |
2022-06-02 | CVE-2022-29788 | Libmobi Project | NULL Pointer Dereference vulnerability in Libmobi Project Libmobi libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. | 6.5 |
2022-06-02 | CVE-2022-30804 | Elitecms | Path Traversal vulnerability in Elitecms Elite CMS 1.01 elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. | 6.5 |
2022-06-02 | CVE-2022-31342 | Online CAR Wash Booking System Project | Unspecified vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0 Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. | 6.5 |
2022-06-02 | CVE-2022-31796 | Jpeg | Out-of-bounds Read vulnerability in Jpeg Libjpeg 1.63 libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. | 6.5 |
2022-06-02 | CVE-2022-31966 | Chatbot APP With Suggestion Project | Unspecified vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0 ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. | 6.5 |
2022-06-02 | CVE-2022-31973 | Online Fire Reporting System Project | Unspecified vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. | 6.5 |
2022-06-01 | CVE-2022-29232 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 6.5 |
2022-06-01 | CVE-2022-1285 | Gogs | Server-Side Request Forgery (SSRF) vulnerability in Gogs Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | 6.5 |
2022-05-31 | CVE-2022-1947 | Trudesk Project | Unspecified vulnerability in Trudesk Project Trudesk Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. | 6.5 |
2022-05-31 | CVE-2022-22361 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2022-05-31 | CVE-2022-29220 | Fastify | Insufficient Verification of Data Authenticity vulnerability in Fastify Github Action Merge Dependabot github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). | 6.5 |
2022-05-30 | CVE-2022-1583 | Webfactoryltd | Unspecified vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. | 6.5 |
2022-06-02 | CVE-2022-1462 | Linux Redhat Debian | An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. | 6.3 |
2022-06-03 | CVE-2022-1988 | Facturascripts | Cross-site Scripting vulnerability in Facturascripts Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. | 6.1 |
2022-06-02 | CVE-2022-29718 | Caddyserver | Open Redirect vulnerability in Caddyserver Caddy Caddy v2.4 was discovered to contain an open redirect vulnerability. | 6.1 |
2022-06-02 | CVE-2022-23237 | Netapp | Open Redirect vulnerability in Netapp E-Series Santricity OS Controller E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. | 6.1 |
2022-06-02 | CVE-2022-24238 | Aceware | Cross-site Scripting vulnerability in Aceware Aceweb Online Portal 3.5.065 ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | 6.1 |
2022-06-02 | CVE-2022-26972 | Barco | Cross-site Scripting vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. | 6.1 |
2022-06-02 | CVE-2022-26974 | Barco | Cross-site Scripting vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. | 6.1 |
2022-06-02 | CVE-2022-26977 | Barco | Cross-site Scripting vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. | 6.1 |
2022-06-02 | CVE-2022-26978 | Barco | Cross-site Scripting vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. | 6.1 |
2022-06-02 | CVE-2022-29540 | Resi | Cross-site Scripting vulnerability in Resi Gemini-Net 4.2 resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. | 6.1 |
2022-06-02 | CVE-2022-29598 | Solutions Atlantic | Cross-site Scripting vulnerability in Solutions-Atlantic Regulatory Reporting System 500 Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. | 6.1 |
2022-06-02 | CVE-2022-29653 | Ofcms Project | Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4 OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | 6.1 |
2022-06-02 | CVE-2022-29711 | Librenms | Cross-site Scripting vulnerability in Librenms 22.3.0 LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | 6.1 |
2022-06-02 | CVE-2022-29732 | Deltacontrols | Cross-site Scripting vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. | 6.1 |
2022-06-02 | CVE-2022-30349 | Sscms | Cross-site Scripting vulnerability in Sscms Siteserver CMS 6.15.51 siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2022-06-02 | CVE-2022-30513 | School Dormitory Management System Project | Cross-site Scripting vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0 School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125. | 6.1 |
2022-06-02 | CVE-2022-30514 | School Dormitory Management System Project | Cross-site Scripting vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0 School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | 6.1 |
2022-05-31 | CVE-2022-29258 | Xwiki | Cross-site Scripting vulnerability in Xwiki XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. | 6.1 |
2022-05-30 | CVE-2022-1009 | Wpmudev | Unspecified vulnerability in Wpmudev Smush Image Compression and Optimization The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-30 | CVE-2022-1527 | Wpwhitesecurity | Unspecified vulnerability in Wpwhitesecurity WP 2FA The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-30 | CVE-2022-1528 | Vikwp | Unspecified vulnerability in Vikwp VIK Booking The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-05-30 | CVE-2022-1582 | Webfactoryltd | Unspecified vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. | 6.1 |
2022-06-02 | CVE-2022-26491 | Pidgin Debian | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Pidgin before 2.14.9. | 5.9 |
2022-06-02 | CVE-2022-29733 | Deltacontrols | Cleartext Transmission of Sensitive Information vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. | 5.9 |
2022-05-31 | CVE-2022-31015 | Agendaless | Unspecified vulnerability in Agendaless Waitress 2.1.0/2.1.1 Waitress is a Web Server Gateway Interface server for Python 2 and 3. | 5.9 |
2022-05-31 | CVE-2022-29245 | SSH NET Project | Unspecified vulnerability in Ssh.Net Project Ssh.Net 2020.0.0/2020.0.1 SSH.NET is a Secure Shell (SSH) library for .NET. | 5.9 |
2022-06-02 | CVE-2022-27774 | Haxx Debian Netapp Brocade Splunk | Insufficiently Protected Credentials vulnerability in multiple products An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used together with authentication, credentials could leak to other services that exist on different protocols or port numbers. | 5.7 |
2022-06-02 | CVE-2022-30277 | BD | Insufficient Session Expiration vulnerability in BD Synapsys 4.20/4.30 BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. | 5.7 |
2022-06-02 | CVE-2022-26866 | Dell | Cross-site Scripting vulnerability in Dell Powerstoreos Dell PowerStore Versions before v2.1.1.0. | 5.5 |
2022-06-02 | CVE-2022-32201 | Libjpeg Project | NULL Pointer Dereference vulnerability in Libjpeg Project Libjpeg 1.63 In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | 5.5 |
2022-06-02 | CVE-2022-32202 | Libjpeg Project | NULL Pointer Dereference vulnerability in Libjpeg Project Libjpeg 1.63 In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | 5.5 |
2022-06-02 | CVE-2021-42196 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20201222. | 5.5 |
2022-06-02 | CVE-2021-42198 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20201222. | 5.5 |
2022-06-02 | CVE-2021-42200 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20201222. | 5.5 |
2022-06-02 | CVE-2021-42202 | Swftools | NULL Pointer Dereference vulnerability in Swftools An issue was discovered in swftools through 20201222. | 5.5 |
2022-06-02 | CVE-2021-43512 | Flightradar24 | Insecure Storage of Sensitive Information vulnerability in Flightradar24 Flight Tracker An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys. | 5.5 |
2022-06-02 | CVE-2022-28702 | ABB | Incorrect Default Permissions vulnerability in ABB E-Design Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | 5.5 |
2022-06-02 | CVE-2022-29779 | Nginx | Unspecified vulnerability in Nginx NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | 5.5 |
2022-06-02 | CVE-2022-29780 | Nginx | Unspecified vulnerability in Nginx NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | 5.5 |
2022-06-02 | CVE-2022-30503 | Nginx | Unspecified vulnerability in Nginx NJS 0.7.2 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | 5.5 |
2022-06-02 | CVE-2022-31783 | Liblouis Fedoraproject | Out-of-bounds Write vulnerability in multiple products Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | 5.5 |
2022-06-01 | CVE-2022-31022 | Couchbase | Unspecified vulnerability in Couchbase Bleve Bleve is a text indexing library for go. | 5.5 |
2022-05-31 | CVE-2022-30973 | Apache | Unspecified vulnerability in Apache Tika We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. | 5.5 |
2022-06-03 | CVE-2022-29770 | Xuxueli | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.3.0 XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | 5.4 |
2022-06-02 | CVE-2021-38221 | BBS GO Project | Cross-site Scripting vulnerability in Bbs-Go Project Bbs-Go bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | 5.4 |
2022-06-02 | CVE-2022-26497 | Bigbluebutton | Cross-site Scripting vulnerability in Bigbluebutton Greenlight 2.11.1 BigBlueButton Greenlight 2.11.1 allows XSS. | 5.4 |
2022-06-02 | CVE-2022-30429 | Neos | Cross-site Scripting vulnerability in Neos CMS Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. | 5.4 |
2022-06-02 | CVE-2022-24967 | Blackrainbow | Cross-site Scripting vulnerability in Blackrainbow Nimbus 3.4.0 Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | 5.4 |
2022-06-02 | CVE-2022-26976 | Barco | Cross-site Scripting vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. | 5.4 |
2022-06-02 | CVE-2022-29628 | Online Market Place Site Project | Cross-site Scripting vulnerability in Online Market Place Site Project Online Market Place Site 1.0 A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter. | 5.4 |
2022-06-02 | CVE-2022-29648 | Jflyfox | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | 5.4 |
2022-06-02 | CVE-2022-29734 | ICT | Cross-site Scripting vulnerability in ICT Protege GX and Protege WX A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | 5.4 |
2022-06-02 | CVE-2022-30999 | Friendsofflarum | Unspecified vulnerability in Friendsofflarum Upload FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. | 5.4 |
2022-05-30 | CVE-2022-0642 | Jivochat | Unspecified vulnerability in Jivochat The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator into injecting arbitrary JavaScript. | 5.4 |
2022-05-30 | CVE-2022-1562 | Room 34 Creative Services | Unspecified vulnerability in Room 34 Creative Services Enable SVG The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | 5.4 |
2022-06-03 | CVE-2022-29784 | Publiccms | Unspecified vulnerability in Publiccms PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | 5.3 |
2022-06-03 | CVE-2022-32265 | Qdecoder Project | Unspecified vulnerability in Qdecoder Project Qdecoder qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. | 5.3 |
2022-06-02 | CVE-2022-26971 | Barco | Missing Authentication for Critical Function vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. | 5.3 |
2022-06-02 | CVE-2022-26973 | Barco | Information Exposure Through an Error Message vulnerability in Barco Control Room Management Suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. | 5.3 |
2022-06-02 | CVE-2022-27779 | Haxx Netapp Splunk | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. | 5.3 |
2022-06-02 | CVE-2022-29235 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 5.3 |
2022-05-31 | CVE-2022-1893 | Trudesk Project | Unspecified vulnerability in Trudesk Project Trudesk Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3. | 5.3 |
2022-06-02 | CVE-2021-33504 | Couchbase | Unspecified vulnerability in Couchbase Server Couchbase Server before 7.1.0 has Incorrect Access Control. | 4.9 |
2022-05-31 | CVE-2022-1926 | Trudesk Project | Integer Overflow or Wraparound vulnerability in Trudesk Project Trudesk Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. | 4.9 |
2022-06-02 | CVE-2022-1979 | Product Show Room Site Project | Cross-site Scripting vulnerability in Product Show Room Site Project Product Show Room Site 1.0 A vulnerability was found in SourceCodester Product Show Room Site 1.0. | 4.8 |
2022-06-02 | CVE-2022-1980 | Product Show Room Site Project | Cross-site Scripting vulnerability in Product Show Room Site Project Product Show Room Site 1.0 A vulnerability was found in SourceCodester Product Show Room Site 1.0. | 4.8 |
2022-06-02 | CVE-2021-36866 | Fatcatapps | Unspecified vulnerability in Fatcatapps Easy Pricing Tables Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | 4.8 |
2022-06-02 | CVE-2022-30482 | Ecommerce Project With PHP AND Mysqli Fruits Bazar Project | Cross-site Scripting vulnerability in Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar Project Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar 1.0 Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameter. | 4.8 |
2022-06-01 | CVE-2021-27914 | Acquia | Cross-site Scripting vulnerability in Acquia Mautic A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript | 4.8 |
2022-06-01 | CVE-2021-27778 | Hcltech | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0 HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. | 4.8 |
2022-05-30 | CVE-2022-0376 | User Meta | Unspecified vulnerability in User-Meta User Meta User Profile Builder and User Management The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
2022-05-30 | CVE-2022-1275 | Stillbreathing | Cross-site Scripting vulnerability in Stillbreathing Bannerman The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite) | 4.8 |
2022-05-30 | CVE-2022-1294 | 99Webtools | Unspecified vulnerability in 99Webtools Imdb Info BOX The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
2022-05-30 | CVE-2022-1299 | Slideshow Project | Unspecified vulnerability in Slideshow Project Slideshow The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
2022-05-30 | CVE-2022-1387 | NO Future Posts Project | Unspecified vulnerability in NO Future Posts Project NO Future Posts 1.4 The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 4.8 |
2022-05-30 | CVE-2022-1395 | Easy FAQ With Expanding Text Project | Unspecified vulnerability in Easy FAQ With Expanding Text Project Easy FAQ With Expanding Text 3.2.8.3.1 The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 4.8 |
2022-05-30 | CVE-2022-1456 | AYS PRO | Unspecified vulnerability in Ays-Pro Poll Maker The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-05-30 | CVE-2022-1542 | Justsystems | Unspecified vulnerability in Justsystems HPB Dashboard The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-05-30 | CVE-2022-1564 | 10Web | Unspecified vulnerability in 10Web Form Maker The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
2022-05-30 | CVE-2022-1566 | Quotes Llama Project | Unspecified vulnerability in Quotes Llama Project Quotes Llama The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-05-30 | CVE-2022-1568 | Wpdarko | Cross-site Scripting vulnerability in Wpdarko Team Members The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 4.8 |
2022-05-30 | CVE-2022-1643 | Birthdays Widget Project | Unspecified vulnerability in Birthdays Widget Project Birthdays Widget 1.7.18 The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 4.8 |
2022-05-30 | CVE-2022-1644 | Call Book Mobile BAR Project | Cross-site Scripting vulnerability in Call&Book Mobile BAR Project Call&Book Mobile BAR The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-05-30 | CVE-2022-1645 | Amazon Link Project | Unspecified vulnerability in Amazon Link Project Amazon Link 3.2.10 The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-05-30 | CVE-2022-1646 | Simple Real Estate Pack Project | Unspecified vulnerability in Simple Real Estate Pack Project Simple Real Estate Pack The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 4.8 |
2022-06-02 | CVE-2022-1716 | Kitetech | Unspecified vulnerability in Kitetech Keep MY Notes 1.80.147 Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. | 4.6 |
2022-06-02 | CVE-2022-23236 | Netapp | Cleartext Storage of Sensitive Information vulnerability in Netapp E-Series Santricity OS Controller E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. | 4.4 |
2022-06-03 | CVE-2021-42892 | Totolink | Use of Hard-coded Credentials vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | 4.3 |
2022-06-02 | CVE-2021-36890 | Supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Social Share Buttons Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. | 4.3 |
2022-06-02 | CVE-2022-29627 | Online Market Place Site Project | Authorization Bypass Through User-Controlled Key vulnerability in Online Market Place Site Project Online Market Place Site 1.0 An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | 4.3 |
2022-06-02 | CVE-2022-29731 | ICT | Use of Password Hash With Insufficient Computational Effort vulnerability in ICT Protege GX Firmware and Protege WX Firmware An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | 4.3 |
2022-06-02 | CVE-2022-30115 | Haxx Netapp Splunk | Cleartext Transmission of Sensitive Information vulnerability in multiple products Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. | 4.3 |
2022-06-02 | CVE-2022-29233 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 4.3 |
2022-06-02 | CVE-2022-29234 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 4.3 |
2022-06-02 | CVE-2022-29236 | Bigbluebutton | Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 4.3 |
2022-06-01 | CVE-2022-31000 | Nebulab | Unspecified vulnerability in Nebulab Solidus solidus_backend is the admin interface for the Solidus e-commerce framework. | 4.3 |
2022-05-31 | CVE-2022-29243 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. | 4.3 |
2022-05-30 | CVE-2022-1203 | Content Mask Project | Missing Authorization vulnerability in Content Mask Project Content Mask The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. | 4.3 |
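CVE-2022-32265 in the table above (qDecoder before 12.1.0) comes down to one missing check: a `%` in URL-encoded input must be followed by exactly two hex digits before anything is decoded. The C function below is an added example written for this report, not qDecoder's or any other project's code. It performs strict percent-decoding that rejects truncated escapes ("%" or "%4" at end of input), non-hex escapes ("%zz"), and escapes that would place a NUL byte inside a C string; the function name, the buffer-length contract and the decision to treat "%00" as an error are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Strict application/x-www-form-urlencoded decoder (added example, not qDecoder's code).
 * Decodes inlen bytes of `in` into `out` (capacity outlen, NUL-terminated on success).
 * '+' becomes a space; "%XX" becomes one byte. Returns the decoded length, or -1 when:
 *   - a '%' is not followed by exactly two hex digits (truncated or non-hex escape),
 *   - the escape decodes to a NUL byte, which would silently truncate a C string,
 *   - the output buffer cannot hold the result plus its terminator. */
int url_decode_strict(const char *in, size_t inlen, char *out, size_t outlen) {
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        if (o + 1 >= outlen) return -1;              /* leave room for the terminator */
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            if (i + 2 >= inlen) return -1;           /* "%" or "%4" at end of input */
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hexval((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0) return -1;         /* "%zz", "%4g", "%%" ... */
            int v = hi * 16 + lo;
            if (v == 0) return -1;                   /* "%00": embedded NUL */
            out[o++] = (char)v;
            i += 2;                                  /* consume the two hex digits */
        } else if (c == '+') {
            out[o++] = ' ';
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void) {
    /* Constructed sample inputs: one valid query value and four malformed ones. */
    const char *samples[] = { "q=caf%C3%A9+au+lait", "100%", "%4", "id=%zz", "a%00b" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = url_decode_strict(samples[i], strlen(samples[i]), buf, sizeof buf);
        if (n < 0) printf("%-22s -> rejected\n", samples[i]);
        else       printf("%-22s -> %d bytes: %s\n", samples[i], n, buf);
    }
    return 0;
}
```

Rejecting rather than passing malformed escapes through unchanged is the safer default for a parser that feeds other code: a caller that later re-encodes or logs the value never has to reason about a bare `%`.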
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-05 | CVE-2022-32296 | Linux | Use of Insufficiently Random Values vulnerability in Linux Kernel The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. | 3.3 |
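CVE-2022-27779 in the 5.3 rows above describes libcurl accepting a cookie for a top-level domain when the host name carried a trailing dot. The C code below is an added illustration for this report, not curl's implementation: `cookie_domain_naive` applies a bare-TLD test to the raw strings, while `cookie_domain_ok` canonicalises both names first (lower-case, one trailing dot stripped, empty labels rejected) so that `Domain=com.` is recognised as the bare TLD `com` and refused. The function names and the simplified "at least one interior dot" rule are assumptions of this example; a production client should consult the Public Suffix List (curl can do so when built with libpsl), because suffixes such as `co.uk` pass the simplified rule.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAXHOST 256

/* Canonicalise a host or cookie Domain value for matching: lower-case it,
 * drop one trailing dot ("example.com." -> "example.com") and reject empty
 * labels (leading dot, double dots, or a second trailing dot).
 * Returns 0 on success, -1 on rejection. Illustrative helper, not curl's code. */
static int canon_host(const char *in, char *out, size_t outlen) {
    size_t n = strlen(in);
    if (n > 0 && in[n - 1] == '.') n--;          /* FQDN trailing dot */
    if (n == 0 || n + 1 > outlen) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '.' && (i == 0 || i + 1 == n || in[i + 1] == '.')) return -1;
        out[i] = (char)tolower(c);
    }
    out[n] = '\0';
    return 0;
}

/* Suffix test on a label boundary: host == dom, or host ends with "." dom. */
static int domain_matches(const char *host, const char *dom) {
    size_t hl = strlen(host), dl = strlen(dom);
    if (hl == dl) return strcmp(host, dom) == 0;
    return hl > dl && host[hl - dl - 1] == '.' && strcmp(host + hl - dl, dom) == 0;
}

/* Naive check (illustrative, not curl's code): refuses a Domain value with no
 * dot as a bare TLD, but works on the raw strings, so "com." contains a dot and
 * slips through whenever the request host also ends with a dot. */
int cookie_domain_naive(const char *request_host, const char *cookie_domain) {
    if (cookie_domain[0] == '.') cookie_domain++;     /* RFC 6265: leading dot ignored */
    if (strchr(cookie_domain, '.') == NULL) return 0;
    return domain_matches(request_host, cookie_domain);
}

/* Hardened check: canonicalise both names first, then require an interior dot
 * in the domain (so "com", "com." and "COM." are all rejected) and a proper
 * label-boundary suffix match. Returns 1 to accept the cookie, 0 to reject.
 * Simplification: "co.uk"-style public suffixes still pass; use the Public
 * Suffix List for that. */
int cookie_domain_ok(const char *request_host, const char *cookie_domain) {
    char host[MAXHOST], dom[MAXHOST];
    if (cookie_domain[0] == '.') cookie_domain++;
    if (canon_host(request_host, host, sizeof host) < 0) return 0;
    if (canon_host(cookie_domain, dom, sizeof dom) < 0) return 0;
    if (strchr(dom, '.') == NULL) return 0;           /* bare TLD */
    return domain_matches(host, dom);
}

int main(void) {
    const char *host = "www.example.com.";            /* constructed sample request host */
    const char *cases[] = { "example.com", ".example.com", "com", "com.", "COM." };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("host=%s Domain=%-13s naive=%d hardened=%d\n", host, cases[i],
               cookie_domain_naive(host, cases[i]), cookie_domain_ok(host, cases[i]));
    return 0;
}
```

The general lesson is that any deny-list applied to a name (TLD checks, cookie scope, certificate name matching) has to run on a canonical form; a check that runs before normalisation can be steered around by whatever the normaliser later removes.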