Weekly Vulnerabilities Reports > May 30 to June 5, 2022

Overview

412 new vulnerabilities reported during this period, including 21 critical vulnerabilities and 127 high severity vulnerabilities. This weekly summary report vulnerabilities in 271 products from 180 vendors including Badminton Center Management System Project, Wedding Management System Project, Debian, Totolink, and Rescue Dispatch Management System Project. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Unrestricted Upload of File with Dangerous Type", "Out-of-bounds Write", and "OS Command Injection".

  • 375 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 236 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 270 reported vulnerabilities are exploitable by an anonymous user.
  • Badminton Center Management System Project has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Totolink has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-02 CVE-2022-30234 Schneider Electric Use of Hard-coded Credentials vulnerability in Schneider-Electric products

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained.

10.0
2022-06-02 CVE-2022-29084 Dell Improper Restriction of Excessive Authentication Attempts vulnerability in Dell products

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI.

10.0
2022-06-02 CVE-2021-42875 Totolink Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.

10.0
2022-06-02 CVE-2022-25163 Mitsubishi Improper Input Validation vulnerability in Mitsubishi products

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets.

10.0
2022-06-02 CVE-2021-34079 Docker Tester Project OS Command Injection vulnerability in Docker-Tester Project Docker-Tester

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

10.0
2022-06-02 CVE-2021-34080 SSL Utils Project OS Command Injection vulnerability in Ssl-Utils Project Ssl-Utils

OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions.

10.0
2022-06-02 CVE-2021-34082 Proctree Project OS Command Injection vulnerability in Proctree Project Proctree

OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.

10.0
2022-06-02 CVE-2021-34084 S3 Uploader Project OS Command Injection vulnerability in S3-Uploader Project S3-Uploader

OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.

10.0
2022-06-02 CVE-2021-42872 Totolink OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.

10.0
2022-06-02 CVE-2022-1660 Keysight Deserialization of Untrusted Data vulnerability in Keysight N6841A RF Firmware and N6854A Firmware

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.

10.0
2022-06-02 CVE-2022-29730 USR Use of Hard-coded Credentials vulnerability in USR products

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account.

10.0
2022-06-02 CVE-2022-30521 Dlink Out-of-bounds Write vulnerability in Dlink Dir-890L Firmware

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions.

10.0
2022-05-31 CVE-2022-31003 Signalwire
Debian
Heap-based Buffer Overflow vulnerability in multiple products

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.

9.8
2022-06-02 CVE-2021-34078 ADP OS Command Injection vulnerability in ADP Lifion-Verifiy-Dependencies

lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.

9.3
2022-06-02 CVE-2021-34081 Gitsome Project OS Command Injection vulnerability in Gitsome Project Gitsome

OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.

9.3
2022-06-02 CVE-2021-34083 Google IT Project OS Command Injection vulnerability in Google-It Project Google-It

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format.

9.3
2022-06-01 CVE-2022-30190 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

9.3
2022-06-01 CVE-2022-29875 Siemens Deserialization of Untrusted Data vulnerability in Siemens products

A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02).

9.3
2022-06-02 CVE-2021-33473 Dragonfly Project Argument Injection or Modification vulnerability in Dragonfly Project Dragonfly 1.3.0

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled.

9.1
2022-06-02 CVE-2021-44080 Sercomm OS Command Injection vulnerability in Sercomm H500S Firmware Lowih500Sv3.4.22

A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.

9.0
2022-06-02 CVE-2022-30425 Tenda OS Command Injection vulnerability in Tenda HG6 Firmware 3.3.0210926

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters.

9.0

127 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-03 CVE-2022-32268 Starwindsoftware Unspecified vulnerability in Starwindsoftware Starwind SAN & NAS 0.2

StarWind SAN and NAS v0.2 build 1914 allow remote code execution.

8.8
2022-06-02 CVE-2022-30034 Flower Project Improper Authentication vulnerability in Flower Project Flower

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass.

8.6
2022-06-02 CVE-2021-33615 RSA Unrestricted Upload of File with Dangerous Type vulnerability in RSA Archer

RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.

8.5
2022-06-02 CVE-2022-22767 BD Insufficiently Protected Credentials vulnerability in BD products

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials.

8.3
2022-06-01 CVE-2022-30127 Microsoft Race Condition vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

8.3
2022-06-01 CVE-2022-30128 Microsoft Race Condition vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

8.3
2022-06-02 CVE-2022-22556 Dell Resource Exhaustion vulnerability in Dell Powerstoreos

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface.

7.8
2022-06-02 CVE-2021-42877 Totolink Unspecified vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.

7.8
2022-06-02 CVE-2022-1652 Linux
Redhat
Debian
Netapp
Use After Free vulnerability in multiple products

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function.

7.8
2022-06-02 CVE-2022-1786 Linux
Netapp
Type Confusion vulnerability in multiple products

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring.

7.8
2022-06-02 CVE-2022-1797 Rockwellautomation Resource Exhaustion vulnerability in Rockwellautomation products

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault.

7.8
2022-06-02 CVE-2022-1943 Linux Out-of-bounds Write vulnerability in Linux Kernel 5.18

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi().

7.8
2022-06-02 CVE-2022-1968 VIM
Debian
Apple
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-02 CVE-2022-31500 Knime Incorrect Default Permissions vulnerability in Knime Analytics Platform

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.

7.8
2022-05-31 CVE-2022-1942 VIM
Fedoraproject
Apple
Debian
Heap-based Buffer Overflow vulnerability in multiple products

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-03 CVE-2022-26134 Atlassian Injection vulnerability in Atlassian Confluence Data Center

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

7.5
2022-06-03 CVE-2021-42890 Totolink Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.

7.5
2022-06-03 CVE-2021-42888 Totolink Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.

7.5
2022-06-03 CVE-2021-42887 Totolink Unspecified vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

7.5
2022-06-03 CVE-2021-42884 Totolink Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.

7.5
2022-06-03 CVE-2021-42885 Totolink Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.

7.5
2022-06-03 CVE-2022-32269 Realnetworks Injection vulnerability in Realnetworks Realplayer 20.0.8.310

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core).

7.5
2022-06-03 CVE-2022-32270 Realnetworks Path Traversal vulnerability in Realnetworks Realplayer 20.0.7.309/20.0.8.310

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution.

7.5
2022-06-02 CVE-2022-30238 Schneider Electric Improper Authentication vulnerability in Schneider-Electric products

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session.

7.5
2022-06-02 CVE-2022-26869 Dell Exposure of Resource to Wrong Sphere vulnerability in Dell Powerstoreos

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability.

7.5
2022-06-02 CVE-2021-45981 Netscout XXE vulnerability in Netscout Ngeniusone 6.3.2

NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.

7.5
2022-06-02 CVE-2021-45983 Netscout Code Injection vulnerability in Netscout Ngeniusone 6.3.2

NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.

7.5
2022-06-02 CVE-2022-29704 Browsbox SQL Injection vulnerability in Browsbox Brows BOX 4.0

BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.

7.5
2022-06-02 CVE-2022-32019 CAR Rental Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.

7.5
2022-06-02 CVE-2022-31989 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=.

7.5
2022-06-02 CVE-2022-31990 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product.

7.5
2022-06-02 CVE-2022-31991 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court.

7.5
2022-06-02 CVE-2022-31993 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service.

7.5
2022-06-02 CVE-2022-32020 CAR Rental Management System Project Unspecified vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings.

7.5
2022-06-02 CVE-2022-32002 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.

7.5
2022-06-02 CVE-2019-12349 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

7.5
2022-06-02 CVE-2019-12350 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

7.5
2022-06-02 CVE-2019-12351 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

7.5
2022-06-02 CVE-2020-28246 Form Injection vulnerability in Form Form.Io 2.0.0

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0.

7.5
2022-06-02 CVE-2021-26633 Maxb SQL Injection vulnerability in Maxb Maxboard

SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation.

7.5
2022-06-02 CVE-2021-26634 Maxb Improper Input Validation vulnerability in Maxb Maxboard

SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation.

7.5
2022-06-02 CVE-2021-44095 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database.

7.5
2022-06-02 CVE-2021-44096 Egavilanmedia SQL Injection vulnerability in Egavilanmedia User Registration and Login System With Admin Panel 1.0

EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user.

7.5
2022-06-02 CVE-2021-44097 Contact Form With Messages Entry Management Project SQL Injection vulnerability in Contact-Form-With-Messages-Entry-Management Project Contact-Form-With-Messages-Entry-Management 1.0

EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php.

7.5
2022-06-02 CVE-2021-44098 Egavilanmedia SQL Injection vulnerability in Egavilanmedia Expense Management System 1.0

EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php.

7.5
2022-06-02 CVE-2022-24239 Aceware Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.

7.5
2022-06-02 CVE-2022-24240 Aceware SQL Injection vulnerability in Aceware Aceweb Online Portal

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.

7.5
2022-06-02 CVE-2022-24702 Winaprs Classic Buffer Overflow vulnerability in Winaprs 2.9.0

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0.

7.5
2022-06-02 CVE-2022-25237 Bonitasoft Incorrect Authorization vulnerability in Bonitasoft Bonita web 2021.2

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter.

7.5
2022-06-02 CVE-2022-27775 Haxx
Debian
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
7.5
2022-06-02 CVE-2022-27781 Haxx
Debian
Infinite Loop vulnerability in multiple products

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

7.5
2022-06-02 CVE-2022-27782 Haxx
Debian
Improper Certificate Validation vulnerability in multiple products

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup.

7.5
2022-06-02 CVE-2022-28605 Linkplay Use of Hard-coded Credentials vulnerability in Linkplay Sound BAR 1.0

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory

7.5
2022-06-02 CVE-2022-28945 Webbank Path Traversal vulnerability in Webbank Webcube 3.2.2

An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.

7.5
2022-06-02 CVE-2022-29659 Responsive Online Blog Project SQL Injection vulnerability in Responsive Online Blog Project Responsive Online Blog 1.0

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.

7.5
2022-06-02 CVE-2022-29712 Librenms Command Injection vulnerability in Librenms 22.3.0

LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.

7.5
2022-06-02 CVE-2022-29776 Onlyoffice Allocation of Resources Without Limits or Throttling vulnerability in Onlyoffice Core and Document Server

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.

7.5
2022-06-02 CVE-2022-29777 Onlyoffice Out-of-bounds Write vulnerability in Onlyoffice Core and Document Server

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.

7.5
2022-06-02 CVE-2022-30324 Hashicorp Unspecified vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host.

7.5
2022-06-02 CVE-2022-30352 Phpabook Project SQL Injection vulnerability in PHPabook Project PHPabook 0.9I

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.

7.5
2022-06-02 CVE-2022-30423 Merchandise Online Store Project Unrestricted Upload of File with Dangerous Type vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.

7.5
2022-06-02 CVE-2022-30470 Afian Unspecified vulnerability in Afian Filerun 2022.02.02

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

7.5
2022-06-02 CVE-2022-30478 Ecommerce Project With PHP AND Mysqli Fruits Bazar Project SQL Injection vulnerability in Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar Project Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar 1.0

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.

7.5
2022-06-02 CVE-2022-30481 Food Order AND Table Reservation System Project SQL Injection vulnerability in Food-Order-And-Table-Reservation-System Project Food-Order-And-Table-Reservation-System 1.0

Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.

7.5
2022-06-02 CVE-2022-30490 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.

7.5
2022-06-02 CVE-2022-30506 Mingsoft Unrestricted Upload of File with Dangerous Type vulnerability in Mingsoft Mcms 5.2.7

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.

7.5
2022-06-02 CVE-2022-30510 School Dormitory Management System Project SQL Injection vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0

School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.

7.5
2022-06-02 CVE-2022-30511 School Dormitory Management System Project SQL Injection vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.

7.5
2022-06-02 CVE-2022-30512 School Dormitory Management System Project SQL Injection vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31.

7.5
2022-06-02 CVE-2022-30797 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0

Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.

7.5
2022-06-02 CVE-2022-30808 Elitecms Unrestricted Upload of File with Dangerous Type vulnerability in Elitecms Elite CMS 1.01

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.

7.5
2022-06-02 CVE-2022-30809 Elitecms SQL Injection vulnerability in Elitecms Elite CMS 1.01

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=.

7.5
2022-06-02 CVE-2022-30810 Elitecms SQL Injection vulnerability in Elitecms Elite CMS 1.01

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.

7.5
2022-06-02 CVE-2022-30813 Elitecms SQL Injection vulnerability in Elitecms Elite CMS 1.01

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.

7.5
2022-06-02 CVE-2022-30814 Elitecms SQL Injection vulnerability in Elitecms Elite CMS 1.01

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

7.5
2022-06-02 CVE-2022-30815 Elitecms SQL Injection vulnerability in Elitecms Elite CMS 1.01

elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=

7.5
2022-06-02 CVE-2022-30816 Elitecms SQL Injection vulnerability in Elitecms Elite CMS 1.01

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.

7.5
2022-06-02 CVE-2022-30817 Simple BUS Ticket Booking System Project SQL Injection vulnerability in Simple BUS Ticket Booking System Project Simple BUS Ticket Booking System 1.0

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.

7.5
2022-06-02 CVE-2022-31327 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.

7.5
2022-06-02 CVE-2022-31328 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=.

7.5
2022-06-02 CVE-2022-31329 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.

7.5
2022-06-02 CVE-2022-31335 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.

7.5
2022-06-02 CVE-2022-31336 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.

7.5
2022-06-02 CVE-2022-31337 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.

7.5
2022-06-02 CVE-2022-31338 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.

7.5
2022-06-02 CVE-2022-31340 Simple Inventory System Project SQL Injection vulnerability in Simple Inventory System Project Simple Inventory System 1.0

Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.

7.5
2022-06-02 CVE-2022-31343 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.

7.5
2022-06-02 CVE-2022-31344 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.

7.5
2022-06-02 CVE-2022-31345 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.

7.5
2022-06-02 CVE-2022-31346 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.

7.5
2022-06-02 CVE-2022-31347 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.

7.5
2022-06-02 CVE-2022-31348 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.

7.5
2022-06-02 CVE-2022-31350 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.

7.5
2022-06-02 CVE-2022-31351 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.

7.5
2022-06-02 CVE-2022-31352 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.

7.5
2022-06-02 CVE-2022-31353 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.

7.5
2022-06-02 CVE-2022-31354 Online CAR Wash Booking System Project SQL Injection vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.

7.5
2022-06-02 CVE-2022-31799 Bottlepy
Debian
Improper Handling of Exceptional Conditions vulnerability in multiple products

Bottle before 0.12.20 mishandles errors during early request binding.

7.5
2022-06-02 CVE-2022-31946 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team.

7.5
2022-06-02 CVE-2022-31948 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report.

7.5
2022-06-02 CVE-2022-31951 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type.

7.5
2022-06-02 CVE-2022-31952 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident.

7.5
2022-06-02 CVE-2022-31953 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=.

7.5
2022-06-02 CVE-2022-31956 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=.

7.5
2022-06-02 CVE-2022-31957 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=.

7.5
2022-06-02 CVE-2022-31959 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=.

7.5
2022-06-02 CVE-2022-31961 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=.

7.5
2022-06-02 CVE-2022-31962 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=.

7.5
2022-06-02 CVE-2022-31964 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=.

7.5
2022-06-02 CVE-2022-31965 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=.

7.5
2022-06-02 CVE-2022-31969 Chatbot APP With Suggestion Project SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=.

7.5
2022-06-02 CVE-2022-31976 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.

7.5
2022-06-02 CVE-2022-31977 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.

7.5
2022-06-02 CVE-2022-31978 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.

7.5
2022-06-01 CVE-2020-26184 Dell
Oracle
Improper Certificate Validation vulnerability in multiple products

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.

7.5
2022-06-01 CVE-2020-26185 Dell
Oracle
Out-of-bounds Read vulnerability in multiple products

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

7.5
2022-05-31 CVE-2022-31013 Chat Server Project Improper Input Validation vulnerability in Chat Server Project Chat Server

Chat Server is the chat server for Vartalap, an open-source messaging application.

7.5
2022-05-31 CVE-2022-31001 Signalwire
Debian
Out-of-bounds Read vulnerability in multiple products

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.

7.5
2022-05-31 CVE-2022-31002 Signalwire
Debian
Out-of-bounds Read vulnerability in multiple products

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library.

7.5
2022-05-30 CVE-2022-1556 Era404 SQL Injection vulnerability in Era404 Stafflist

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection

7.5
2022-06-02 CVE-2022-29594 Eginnovations Improper Preservation of Permissions vulnerability in Eginnovations products

eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.

7.2
2022-06-02 CVE-2022-22557 Dell Improper Authentication vulnerability in Dell Powerstoreos

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials.

7.2
2022-06-02 CVE-2022-26868 Dell OS Command Injection vulnerability in Dell Powerstoreos

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw.

7.2
2022-06-02 CVE-2022-32250 Linux
Fedoraproject
Debian
Netapp
Use After Free vulnerability in multiple products

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

7.2
2022-06-02 CVE-2022-1215 Freedesktop Use of Externally-Controlled Format String vulnerability in Freedesktop Libinput

A format string vulnerability was found in libinput

7.2
2022-06-02 CVE-2022-29483 ABB Incorrect Default Permissions vulnerability in ABB E-Design

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

7.2
2022-06-03 CVE-2021-43271 Riverbed Information Exposure Through Log Files vulnerability in Riverbed Appresponse

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly.

7.1

217 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-02 CVE-2022-1789 Linux
Fedoraproject
Redhat
Debian
NULL Pointer Dereference vulnerability in multiple products

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva.

6.9
2022-06-05 CVE-2022-32291 Realnetworks Unspecified vulnerability in Realnetworks Realplayer

In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.

6.8
2022-06-03 CVE-2022-32271 Realnetworks Cross-site Scripting vulnerability in Realnetworks Realplayer 20.0.8.310

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability.

6.8
2022-06-02 CVE-2022-32200 Libdwarf Project Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 0.4.0

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.

6.8
2022-06-02 CVE-2020-20971 Pbootcms Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 2.0.3

Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.

6.8
2022-06-02 CVE-2021-26635 Bandisoft Out-of-bounds Write vulnerability in Bandisoft ARK Library

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type.

6.8
2022-06-02 CVE-2021-42195 Swftools Out-of-bounds Write vulnerability in Swftools

An issue was discovered in swftools through 20201222.

6.8
2022-06-02 CVE-2021-42197 Swftools Missing Release of Resource after Effective Lifetime vulnerability in Swftools

An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used.

6.8
2022-06-02 CVE-2021-42199 Swftools Out-of-bounds Write vulnerability in Swftools

An issue was discovered in swftools through 20201222.

6.8
2022-06-02 CVE-2021-42201 Swftools Out-of-bounds Write vulnerability in Swftools

An issue was discovered in swftools through 20201222.

6.8
2022-06-02 CVE-2021-42203 Swftools Use After Free vulnerability in Swftools

An issue was discovered in swftools through 20201222.

6.8
2022-06-02 CVE-2021-42204 Swftools Out-of-bounds Write vulnerability in Swftools

An issue was discovered in swftools through 20201222.

6.8
2022-06-02 CVE-2022-27184 Hornerautomation Out-of-bounds Write vulnerability in Hornerautomation Cscape

The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.

6.8
2022-06-02 CVE-2022-28690 Hornerautomation Out-of-bounds Write vulnerability in Hornerautomation Cscape

The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.

6.8
2022-06-02 CVE-2022-28799 Tiktok Forced Browsing vulnerability in Tiktok

The TikTok application before 23.7.3 for Android allows account takeover.

6.8
2022-06-02 CVE-2022-29488 Hornerautomation Out-of-bounds Read vulnerability in Hornerautomation Cscape

The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.

6.8
2022-06-02 CVE-2022-29647 Mingsoft Cross-Site Request Forgery (CSRF) vulnerability in Mingsoft Mcms 5.2.7

An issue was discovered in MCMS 5.2.7.

6.8
2022-06-02 CVE-2022-29692 Unicorn Engine Use After Free vulnerability in Unicorn-Engine Unicorn Engine 1.0.3

Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.

6.8
2022-06-02 CVE-2022-29735 Deltacontrols Cross-Site Request Forgery (CSRF) vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.

6.8
2022-06-02 CVE-2022-30540 Hornerautomation Heap-based Buffer Overflow vulnerability in Hornerautomation Cscape

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code

6.8
2022-06-02 CVE-2022-31782 Freedesktop Out-of-bounds Write vulnerability in Freedesktop Freetype Demo Programs

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.

6.8
2022-05-30 CVE-2022-1611 Bulk Page Creator Project Cross-Site Request Forgery (CSRF) vulnerability in Bulk Page Creator Project Bulk Page Creator

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF.

6.8
2022-06-03 CVE-2022-29778 Dlink Unspecified vulnerability in Dlink Dir-890L Firmware 1.09/1.11B01

** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php.

6.5
2022-06-03 CVE-2022-26493 Drupal Improper Certificate Validation vulnerability in Drupal Saml SP 2.0 Single Sign on

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability.

6.5
2022-06-02 CVE-2022-30232 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric Powerlogic ION Setup Firmware

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network.

6.5
2022-06-02 CVE-2021-45982 Netscout Unrestricted Upload of File with Dangerous Type vulnerability in Netscout Ngeniusone 6.3.2

NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.

6.5
2022-06-02 CVE-2022-31985 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=.

6.5
2022-06-02 CVE-2022-31986 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=.

6.5
2022-06-02 CVE-2022-31988 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=.

6.5
2022-06-02 CVE-2022-31992 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=.

6.5
2022-06-02 CVE-2022-31994 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id.

6.5
2022-06-02 CVE-2022-32007 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.

6.5
2022-06-02 CVE-2022-32008 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=.

6.5
2022-06-02 CVE-2022-32010 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=.

6.5
2022-06-02 CVE-2022-32011 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=.

6.5
2022-06-02 CVE-2022-32012 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=.

6.5
2022-06-02 CVE-2022-32013 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=.

6.5
2022-06-02 CVE-2022-32014 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.

6.5
2022-06-02 CVE-2022-32015 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.

6.5
2022-06-02 CVE-2022-32016 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany.

6.5
2022-06-02 CVE-2022-32017 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.

6.5
2022-06-02 CVE-2022-32018 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.

6.5
2022-06-02 CVE-2022-32021 CAR Rental Management System Project SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=.

6.5
2022-06-02 CVE-2022-32022 CAR Rental Management System Project SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.

6.5
2022-06-02 CVE-2022-32024 CAR Rental Management System Project SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=.

6.5
2022-06-02 CVE-2022-32025 CAR Rental Management System Project SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.

6.5
2022-06-02 CVE-2022-32026 CAR Rental Management System Project SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=.

6.5
2022-06-02 CVE-2022-32027 CAR Rental Management System Project SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=.

6.5
2022-06-02 CVE-2022-32028 CAR Rental Management System Project SQL Injection vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.

6.5
2022-06-02 CVE-2022-31996 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=.

6.5
2022-06-02 CVE-2022-31998 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=.

6.5
2022-06-02 CVE-2022-32000 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=.

6.5
2022-06-02 CVE-2022-32001 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=.

6.5
2022-06-02 CVE-2022-32003 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=.

6.5
2022-06-02 CVE-2022-32004 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.

6.5
2022-06-02 CVE-2022-32005 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=.

6.5
2022-06-02 CVE-2022-32006 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=.

6.5
2022-06-02 CVE-2022-31980 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.

6.5
2022-06-02 CVE-2022-31981 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.

6.5
2022-06-02 CVE-2022-31982 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.

6.5
2022-06-02 CVE-2022-31983 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.

6.5
2022-06-02 CVE-2022-31984 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.

6.5
2022-06-02 CVE-2021-32546 Gogs Unspecified vulnerability in Gogs

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely.

6.5
2022-06-02 CVE-2022-27776 Haxx
Fedoraproject
Debian
Insufficiently Protected Credentials vulnerability in multiple products

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

6.5
2022-06-02 CVE-2022-29624 Tpcms Project Unrestricted Upload of File with Dangerous Type vulnerability in Tpcms Project Tpcms 3.2

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.

6.5
2022-06-02 CVE-2022-29725 Creatiwity Unrestricted Upload of File with Dangerous Type vulnerability in Creatiwity Witycms 0.6.2

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.

6.5
2022-06-02 CVE-2022-30794 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.

6.5
2022-06-02 CVE-2022-30795 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php.

6.5
2022-06-02 CVE-2022-30798 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php.

6.5
2022-06-02 CVE-2022-30799 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 1.0

Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php.

6.5
2022-06-02 CVE-2022-30818 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.

6.5
2022-06-02 CVE-2022-30819 Wedding Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file.

6.5
2022-06-02 CVE-2022-30820 Wedding Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file.

6.5
2022-06-02 CVE-2022-30821 Wedding Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.

6.5
2022-06-02 CVE-2022-30822 Wedding Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file.

6.5
2022-06-02 CVE-2022-30823 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.

6.5
2022-06-02 CVE-2022-30825 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php.

6.5
2022-06-02 CVE-2022-30826 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.

6.5
2022-06-02 CVE-2022-30827 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php.

6.5
2022-06-02 CVE-2022-30828 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php.

6.5
2022-06-02 CVE-2022-30829 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php.

6.5
2022-06-02 CVE-2022-30830 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php.

6.5
2022-06-02 CVE-2022-30831 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php.

6.5
2022-06-02 CVE-2022-30832 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=.

6.5
2022-06-02 CVE-2022-30833 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=.

6.5
2022-06-02 CVE-2022-30834 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id=

6.5
2022-06-02 CVE-2022-30835 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection.

6.5
2022-06-02 CVE-2022-30836 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 is vulnerable to SQL Injection.

6.5
2022-06-02 CVE-2022-31339 Simple Inventory System Project SQL Injection vulnerability in Simple Inventory System Project Simple Inventory System 1.0

Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php.

6.5
2022-06-02 CVE-2022-31970 Chatbot APP With Suggestion Project SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=.

6.5
2022-06-02 CVE-2022-31971 Chatbot APP With Suggestion Project SQL Injection vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=.

6.5
2022-06-02 CVE-2022-31974 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.

6.5
2022-06-02 CVE-2022-31975 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=.

6.5
2022-06-01 CVE-2022-24848 Dhis2 SQL Injection vulnerability in Dhis2 Dhis 2

DHIS2 is an information system for data capture, management, validation, analytics and visualization.

6.5
2022-05-31 CVE-2022-1808 Trudesk Project Unspecified vulnerability in Trudesk Project Trudesk

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.

6.5
2022-05-31 CVE-2022-31007 Elabftw Unspecified vulnerability in Elabftw

eLabFTW is an electronic lab notebook manager for research teams.

6.5
2022-06-02 CVE-2022-30236 Schneider Electric Incorrect Resource Transfer Between Spheres vulnerability in Schneider-Electric products

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks.

6.4
2022-06-02 CVE-2022-31945 Rescue Dispatch Management System Project Unspecified vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img.

6.4
2022-06-02 CVE-2022-1462 Linux
Redhat
Debian
Race Condition vulnerability in multiple products

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem.

6.3
2022-06-02 CVE-2022-26867 Dell Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell Powerstoreos

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file.

6.0
2022-06-03 CVE-2022-1987 Libmobi Project Out-of-bounds Read vulnerability in Libmobi Project Libmobi

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

5.8
2022-06-02 CVE-2022-29718 Caddyserver Open Redirect vulnerability in Caddyserver Caddy

Caddy v2.4 was discovered to contain an open redirect vulnerability.

5.8
2022-06-02 CVE-2022-23237 Netapp Open Redirect vulnerability in Netapp E-Series Santricity OS Controller

E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.

5.8
2022-06-02 CVE-2022-27778 Haxx Use of Incorrectly-Resolved Name or Reference vulnerability in Haxx Curl 7.83.0

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

5.8
2022-06-02 CVE-2022-28702 ABB Incorrect Default Permissions vulnerability in ABB E-Design

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.

5.5
2022-06-02 CVE-2022-30804 Elitecms Improper Privilege Management vulnerability in Elitecms Elite CMS 1.01

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=.

5.5
2022-06-02 CVE-2022-31342 Online CAR Wash Booking System Project Unspecified vulnerability in Online CAR Wash Booking System Project Online CAR Wash Booking System 1.0

Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img.

5.5
2022-06-02 CVE-2022-31966 Chatbot APP With Suggestion Project Unspecified vulnerability in Chatbot APP With Suggestion Project Chatbot APP With Suggestion 1.0

ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img.

5.5
2022-06-02 CVE-2022-31973 Online Fire Reporting System Project Unspecified vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img.

5.5
2022-05-31 CVE-2022-30973 Apache Unspecified vulnerability in Apache Tika

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release.

5.5
2022-05-31 CVE-2022-1931 Trudesk Project Improper Synchronization vulnerability in Trudesk Project Trudesk

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.

5.5
2022-06-02 CVE-2022-31462 Owllabs Use of Hard-coded Credentials vulnerability in Owllabs Meeting OWL PRO Firmware

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.

5.4
2022-05-31 CVE-2021-3555 Eufylife Classic Buffer Overflow vulnerability in Eufylife products

A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution.

5.4
2022-06-03 CVE-2022-29784 Publiccms Information Exposure vulnerability in Publiccms

PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.

5.0
2022-06-03 CVE-2021-42893 Totolink Information Exposure vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.

5.0
2022-06-03 CVE-2021-42892 Totolink Use of Hard-coded Credentials vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.

5.0
2022-06-03 CVE-2021-42891 Totolink Information Exposure vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.

5.0
2022-06-03 CVE-2021-42889 Totolink Information Exposure vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.

5.0
2022-06-03 CVE-2021-42886 Totolink Information Exposure vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215

TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.

5.0
2022-06-03 CVE-2022-32265 Qdecoder Project Unspecified vulnerability in Qdecoder Project Qdecoder

qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding.

5.0
2022-06-02 CVE-2022-30235 Schneider Electric Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force.

5.0
2022-06-02 CVE-2022-30237 Schneider Electric Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding.

5.0
2022-06-02 CVE-2022-31023 Lightbend Information Exposure Through an Error Message vulnerability in Lightbend Play Framework

Play Framework is a web framework for Java and Scala.

5.0
2022-06-02 CVE-2022-31018 Lightbend Resource Exhaustion vulnerability in Lightbend Play Framework

Play Framework is a web framework for Java and Scala.

5.0
2022-06-02 CVE-2021-33254 Embedthis NULL Pointer Dereference vulnerability in Embedthis Appweb 8.2.1

An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.

5.0
2022-06-02 CVE-2021-40186 Dnnsoftware Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke.

5.0
2022-06-02 CVE-2021-43306 Jqueryvalidation Unspecified vulnerability in Jqueryvalidation Jquery Validation

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

5.0
2022-06-02 CVE-2021-43307 Semver Regex Project Unspecified vulnerability in Semver-Regex Project Semver-Regex

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method

5.0
2022-06-02 CVE-2021-43308 Markdown Link Extractor Project Unspecified vulnerability in Markdown-Link-Extractor Project Markdown-Link-Extractor

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function

5.0
2022-06-02 CVE-2022-1661 Keysight Relative Path Traversal vulnerability in Keysight N6841A RF Firmware and N6854A Firmware

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.

5.0
2022-06-02 CVE-2022-1929 Devcert Project Incorrect Comparison vulnerability in Devcert Project Devcert

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method

5.0
2022-06-02 CVE-2022-1949 Port389
Redhat
Fedoraproject
Incorrect Authorization vulnerability in multiple products

An access control bypass vulnerability found in 389-ds-base.

5.0
2022-06-02 CVE-2022-24241 Aceware Externally Controlled Reference to a Resource in Another Sphere vulnerability in Aceware Aceweb Online Portal

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.

5.0
2022-06-02 CVE-2022-24581 Aceware Unrestricted Upload of File with Dangerous Type vulnerability in Aceware Aceweb Online Portal

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC.

5.0
2022-06-02 CVE-2022-24700 Winaprs Classic Buffer Overflow vulnerability in Winaprs 2.9.0

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0.

5.0
2022-06-02 CVE-2022-26971 Barco Improper Authentication vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

5.0
2022-06-02 CVE-2022-26973 Barco Information Exposure Through an Error Message vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

5.0
2022-06-02 CVE-2022-26975 Barco Improper Authentication vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

5.0
2022-06-02 CVE-2022-27779 Haxx Exposure of Resource to Wrong Sphere vulnerability in Haxx Curl

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies.

5.0
2022-06-02 CVE-2022-27780 Haxx Server-Side Request Forgery (SSRF) vulnerability in Haxx Curl

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`.

5.0
2022-06-02 CVE-2022-29693 Unicorn Engine Memory Leak vulnerability in Unicorn-Engine Unicorn Engine

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.

5.0
2022-06-02 CVE-2022-29694 Unicorn Engine NULL Pointer Dereference vulnerability in Unicorn-Engine Unicorn Engine

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.

5.0
2022-06-02 CVE-2022-29695 Unicorn Engine Improper Initialization vulnerability in Unicorn-Engine Unicorn Engine

Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization.

5.0
2022-06-02 CVE-2022-29729 Verizon Weak Password Requirements vulnerability in Verizon 4G LTE Network Extender Firmware 0.4.038.2131/Ga4.38

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page.

5.0
2022-06-02 CVE-2022-30496 MV SQL Injection vulnerability in MV Idce 1.0

SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information.

5.0
2022-06-02 CVE-2022-31004 Mitre Cleartext Storage of Sensitive Information vulnerability in Mitre Cve-Services

CVEProject/cve-services is an open source project used to operate the CVE services API.

5.0
2022-06-02 CVE-2022-29233 Bigbluebutton Improper Authorization vulnerability in Bigbluebutton

BigBlueButton is an open source web conferencing system.

5.0
2022-06-01 CVE-2022-29169 Bigbluebutton Improper Input Validation vulnerability in Bigbluebutton

BigBlueButton is an open source web conferencing system.

5.0
2022-06-01 CVE-2022-29098 Dell Weak Password Requirements vulnerability in Dell Powerscale Onefs

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability.

5.0
2022-05-31 CVE-2022-1893 Trudesk Project Information Exposure vulnerability in Trudesk Project Trudesk

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3.

5.0
2022-05-31 CVE-2022-31005 Vapor Integer Overflow or Wraparound vulnerability in Vapor

Vapor is an HTTP web framework for Swift.

5.0
2022-05-31 CVE-2022-23082 Mend Path Traversal vulnerability in Mend Curekit

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal.

5.0
2022-05-30 CVE-2022-1589 Change WP Admin Login Project Incorrect Authorization vulnerability in Change Wp-Admin Login Project Change Wp-Admin Login

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings.

5.0
2022-05-30 CVE-2022-1566 Quotes Llama Project Cross-site Scripting vulnerability in Quotes Llama Project Quotes Llama

The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2022-06-02 CVE-2022-29085 Dell Insufficiently Protected Credentials vulnerability in Dell products

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system.

4.6
2022-06-02 CVE-2022-1419 Linux Use After Free vulnerability in Linux Kernel

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

4.6
2022-06-02 CVE-2022-24701 Winaprs Classic Buffer Overflow vulnerability in Winaprs 2.9.0

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0.

4.6
2022-05-31 CVE-2022-31011 Pingcap Improper Authentication vulnerability in Pingcap Tidb 5.3.0

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads.

4.6
2022-05-31 CVE-2022-1934 Mruby Use After Free vulnerability in Mruby

Use After Free in GitHub repository mruby/mruby prior to 3.2.

4.6
2022-06-03 CVE-2022-1988 Facturascripts Cross-site Scripting vulnerability in Facturascripts

Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.

4.3
2022-06-02 CVE-2022-30233 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric products

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage.

4.3
2022-06-02 CVE-2022-31463 Owllabs Improper Authentication vulnerability in Owllabs Meeting OWL PRO Firmware

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used.

4.3
2022-06-02 CVE-2022-31024 Nextcloud Origin Validation Error vulnerability in Nextcloud Richdocuments

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration.

4.3
2022-06-02 CVE-2022-32201 Libjpeg Project NULL Pointer Dereference vulnerability in Libjpeg Project Libjpeg 1.63

In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.

4.3
2022-06-02 CVE-2022-32202 Libjpeg Project NULL Pointer Dereference vulnerability in Libjpeg Project Libjpeg 1.63

In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.

4.3
2022-06-02 CVE-2021-36890 Supsystic Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Social Share Buttons

Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress.

4.3
2022-06-02 CVE-2021-42196 Swftools NULL Pointer Dereference vulnerability in Swftools

An issue was discovered in swftools through 20201222.

4.3
2022-06-02 CVE-2021-42198 Swftools NULL Pointer Dereference vulnerability in Swftools

An issue was discovered in swftools through 20201222.

4.3
2022-06-02 CVE-2021-42200 Swftools NULL Pointer Dereference vulnerability in Swftools

An issue was discovered in swftools through 20201222.

4.3
2022-06-02 CVE-2021-42202 Swftools NULL Pointer Dereference vulnerability in Swftools

An issue was discovered in swftools through 20201222.

4.3
2022-06-02 CVE-2022-24238 Aceware Cross-site Scripting vulnerability in Aceware Aceweb Online Portal

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.

4.3
2022-06-02 CVE-2022-26491 Pidgin
Debian
Improper Certificate Validation vulnerability in multiple products

An issue was discovered in Pidgin before 2.14.9.

4.3
2022-06-02 CVE-2022-26972 Barco Cross-site Scripting vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint.

4.3
2022-06-02 CVE-2022-26974 Barco Cross-site Scripting vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism.

4.3
2022-06-02 CVE-2022-26977 Barco Cross-site Scripting vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

4.3
2022-06-02 CVE-2022-26978 Barco Cross-site Scripting vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint.

4.3
2022-06-02 CVE-2022-29540 Resi Cross-site Scripting vulnerability in Resi Gemini-Net 4.2

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues.

4.3
2022-06-02 CVE-2022-29598 Solutions Atlantic Cross-site Scripting vulnerability in Solutions-Atlantic Regulatory Reporting System 500

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx .

4.3
2022-06-02 CVE-2022-29653 Ofcms Project Cross-site Scripting vulnerability in Ofcms Project Ofcms 1.1.4

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

4.3
2022-06-02 CVE-2022-29711 Librenms Cross-site Scripting vulnerability in Librenms 22.3.0

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

4.3
2022-06-02 CVE-2022-29732 Deltacontrols Cross-site Scripting vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter.

4.3
2022-06-02 CVE-2022-29733 Deltacontrols Cleartext Transmission of Sensitive Information vulnerability in Deltacontrols Entelitouch Firmware 3.33.4005/3.40.3706/3.40.3935

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext.

4.3
2022-06-02 CVE-2022-29788 Libmobi Project NULL Pointer Dereference vulnerability in Libmobi Project Libmobi

libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer.

4.3
2022-06-02 CVE-2022-30115 Haxx
Netapp
Cleartext Transmission of Sensitive Information vulnerability in multiple products

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL.

4.3
2022-06-02 CVE-2022-30349 Sscms Cross-site Scripting vulnerability in Sscms Siteserver CMS 6.15.51

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

4.3
2022-06-02 CVE-2022-30513 School Dormitory Management System Project Cross-site Scripting vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125

4.3
2022-06-02 CVE-2022-30514 School Dormitory Management System Project Cross-site Scripting vulnerability in School Dormitory Management System Project School Dormitory Management System 1.0

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126.

4.3
2022-06-02 CVE-2022-31783 Liblouis Out-of-bounds Write vulnerability in Liblouis 3.21.0

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

4.3
2022-06-02 CVE-2022-31796 Jpeg Out-of-bounds Read vulnerability in Jpeg Libjpeg 1.63

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.

4.3
2022-06-02 CVE-2022-29235 Bigbluebutton Information Exposure vulnerability in Bigbluebutton

BigBlueButton is an open source web conferencing system.

4.3
2022-06-01 CVE-2022-26905 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

4.3
2022-06-01 CVE-2022-31000 Nebulab Cross-Site Request Forgery (CSRF) vulnerability in Nebulab Solidus

solidus_backend is the admin interface for the Solidus e-commerce framework.

4.3
2022-06-01 CVE-2022-1285 Gogs Server-Side Request Forgery (SSRF) vulnerability in Gogs

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

4.3
2022-05-31 CVE-2022-31015 Agendaless Uncaught Exception vulnerability in Agendaless Waitress 2.1.0/2.1.1

Waitress is a Web Server Gateway Interface server for Python 2 and 3.

4.3
2022-05-31 CVE-2022-29245 SSH NET Project Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ssh.Net Project Ssh.Net 2020.0.0/2020.0.1

SSH.NET is a Secure Shell (SSH) library for .NET.

4.3
2022-05-31 CVE-2022-29258 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream.

4.3
2022-05-31 CVE-2022-22361 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

4.3
2022-05-30 CVE-2022-1009 Wpmudev Cross-site Scripting vulnerability in Wpmudev Smush Image Compression and Optimization

The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting.

4.3
2022-05-30 CVE-2022-1203 Content Mask Project Missing Authorization vulnerability in Content Mask Project Content Mask

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin.

4.3
2022-05-30 CVE-2022-1527 Wpwhitesecurity Cross-site Scripting vulnerability in Wpwhitesecurity WP 2FA 2.2.0

The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

4.3
2022-05-30 CVE-2022-1528 Vikwp Cross-site Scripting vulnerability in Vikwp VIK Booking

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting

4.3
2022-05-30 CVE-2022-1582 Webfactoryltd Cross-site Scripting vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

4.3
2022-05-30 CVE-2022-1583 Webfactoryltd Use of Web Link to Untrusted Target with window.opener Access vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

4.3
2022-06-03 CVE-2022-29767 Adbyby Project Allocation of Resources Without Limits or Throttling vulnerability in Adbyby Project Adbyby 2.7

adbyby v2.7 allows external users to make connections via port 8118.

4.0
2022-06-02 CVE-2022-1982 Mattermost Resource Exhaustion vulnerability in Mattermost Server

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

4.0
2022-06-02 CVE-2022-26944 Percona Unspecified vulnerability in Percona Xtrabackup 2.4.20

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output.

4.0
2022-06-02 CVE-2022-29597 Solutions Atlantic Path Traversal vulnerability in Solutions-Atlantic Regulatory Reporting System 500

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI).

4.0
2022-06-02 CVE-2021-33504 Couchbase Incorrect Authorization vulnerability in Couchbase Server

Couchbase Server before 7.1.0 has Incorrect Access Control.

4.0
2022-06-02 CVE-2022-29627 Online Market Place Site Project Authorization Bypass Through User-Controlled Key vulnerability in Online Market Place Site Project Online Market Place Site 1.0

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers.

4.0
2022-06-02 CVE-2022-29731 ICT Use of Password Hash With Insufficient Computational Effort vulnerability in ICT Protege GX Firmware and Protege WX Firmware

An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users.

4.0
2022-06-02 CVE-2022-29234 Bigbluebutton Improper Authorization vulnerability in Bigbluebutton

BigBlueButton is an open source web conferencing system.

4.0
2022-06-02 CVE-2022-29236 Bigbluebutton Improper Authorization vulnerability in Bigbluebutton

BigBlueButton is an open source web conferencing system.

4.0
2022-06-01 CVE-2022-29232 Bigbluebutton Information Exposure vulnerability in Bigbluebutton

BigBlueButton is an open source web conferencing system.

4.0
2022-05-31 CVE-2022-1947 Trudesk Project Unspecified vulnerability in Trudesk Project Trudesk

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.

4.0
2022-05-31 CVE-2022-29243 Nextcloud Resource Exhaustion vulnerability in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform.

4.0
2022-05-31 CVE-2022-29220 Fastify Insufficient Verification of Data Authenticity vulnerability in Fastify Github Action Merge Dependabot

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs).

4.0
2022-05-31 CVE-2022-1926 Trudesk Project Integer Overflow or Wraparound vulnerability in Trudesk Project Trudesk

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.

4.0

47 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-02 CVE-2022-30277 BD Insufficient Session Expiration vulnerability in BD Synapsys 4.20/4.30

BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability.

3.6
2022-06-03 CVE-2022-29770 Xuxueli Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.3.0

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.

3.5
2022-06-03 CVE-2022-29773 Aleksis Incorrect Authorization vulnerability in Aleksis

An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.

3.5
2022-06-02 CVE-2022-26866 Dell Cross-site Scripting vulnerability in Dell Powerstoreos

Dell PowerStore Versions before v2.1.1.0.

3.5
2022-06-02 CVE-2021-38221 BBS GO Project Cross-site Scripting vulnerability in Bbs-Go Project Bbs-Go

bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.

3.5
2022-06-02 CVE-2022-1979 Product Show Room Site Project Cross-site Scripting vulnerability in Product Show Room Site Project Product Show Room Site 1.0

A vulnerability was found in SourceCodester Product Show Room Site 1.0.

3.5
2022-06-02 CVE-2022-1980 Product Show Room Site Project Cross-site Scripting vulnerability in Product Show Room Site Project Product Show Room Site 1.0

A vulnerability was found in SourceCodester Product Show Room Site 1.0.

3.5
2022-06-02 CVE-2022-26497 Bigbluebutton Cross-site Scripting vulnerability in Bigbluebutton Greenlight 2.11.1

BigBlueButton Greenlight 2.11.1 allows XSS.

3.5
2022-06-02 CVE-2022-30429 Neos Cross-site Scripting vulnerability in Neos CMS

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title.

3.5
2022-06-02 CVE-2021-36866 Fatcatapps Cross-site Scripting vulnerability in Fatcatapps Easy Pricing Tables

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.

3.5
2022-06-02 CVE-2022-24967 Blackrainbow Cross-site Scripting vulnerability in Blackrainbow Nimbus

Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).

3.5
2022-06-02 CVE-2022-26976 Barco Cross-site Scripting vulnerability in Barco Control Room Management Suite

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism.

3.5
2022-06-02 CVE-2022-27774 Haxx Insufficiently Protected Credentials vulnerability in Haxx Curl

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.

3.5
2022-06-02 CVE-2022-29628 Online Market Place Site Project Cross-site Scripting vulnerability in Online Market Place Site Project Online Market Place Site 1.0

A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.

3.5
2022-06-02 CVE-2022-29648 Jflyfox Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.

3.5
2022-06-02 CVE-2022-29734 ICT Cross-site Scripting vulnerability in ICT Protege GX and Protege WX

A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

3.5
2022-06-02 CVE-2022-30482 Ecommerce Project With PHP AND Mysqli Fruits Bazar Project Cross-site Scripting vulnerability in Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar Project Ecommerce-Project-With-PHP-And-Mysqli-Fruits-Bazar 1.0

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters.

3.5
2022-06-02 CVE-2022-30999 Friendsofflarum Cross-site Scripting vulnerability in Friendsofflarum Upload

FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum.

3.5
2022-06-01 CVE-2021-27914 Acquia Cross-site Scripting vulnerability in Acquia Mautic

A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript

3.5
2022-06-01 CVE-2021-27778 Hcltech Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages.

3.5
2022-05-30 CVE-2022-0376 User Meta Cross-site Scripting vulnerability in User-Meta User Meta User Profile Builder and User Management

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

3.5
2022-05-30 CVE-2022-0642 Jivochat Cross-Site Request Forgery (CSRF) vulnerability in Jivochat

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript.

3.5
2022-05-30 CVE-2022-1275 Stillbreathing Cross-site Scripting vulnerability in Stillbreathing Bannerman

The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)

3.5
2022-05-30 CVE-2022-1294 99Webtools Cross-site Scripting vulnerability in 99Webtools Imdb Info BOX

The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2022-05-30 CVE-2022-1299 Slideshow Project Cross-site Scripting vulnerability in Slideshow Project Slideshow

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2022-05-30 CVE-2022-1387 NO Future Posts Project Cross-site Scripting vulnerability in NO Future Posts Project NO Future Posts 1.4

The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

3.5
2022-05-30 CVE-2022-1395 Easy FAQ With Expanding Text Project Cross-site Scripting vulnerability in Easy FAQ With Expanding Text Project Easy FAQ With Expanding Text 3.2.8.3.1

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

3.5
2022-05-30 CVE-2022-1456 AYS PRO Cross-site Scripting vulnerability in Ays-Pro Poll Maker

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed

3.5
2022-05-30 CVE-2022-1542 Justsystems Cross-site Scripting vulnerability in Justsystems HPB Dashboard

The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

3.5
2022-05-30 CVE-2022-1562 Room 34 Creative Services Cross-site Scripting vulnerability in Room 34 Creative Services Enable SVG

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

3.5
2022-05-30 CVE-2022-1564 10Web Cross-site Scripting vulnerability in 10Web Form Maker

The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

3.5
2022-05-30 CVE-2022-1568 Wpdarko Cross-site Scripting vulnerability in Wpdarko Team Members

The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

3.5
2022-05-30 CVE-2022-1643 Birthdays Widget Project Cross-site Scripting vulnerability in Birthdays Widget Project Birthdays Widget

The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

3.5
2022-05-30 CVE-2022-1644 Call Book Mobile BAR Project Cross-site Scripting vulnerability in Call&Book Mobile BAR Project Call&Book Mobile BAR

The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

3.5
2022-05-30 CVE-2022-1645 Amazon Link Project Cross-site Scripting vulnerability in Amazon Link Project Amazon Link

The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

3.5
2022-05-30 CVE-2022-1646 Simple Real Estate Pack Project Cross-site Scripting vulnerability in Simple Real Estate Pack Project Simple Real Estate Pack

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

3.5
2022-06-05 CVE-2022-32296 Linux Information Exposure Through Discrepancy vulnerability in Linux Kernel

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.

3.3
2022-06-02 CVE-2022-31459 Owllabs Information Exposure vulnerability in Owllabs Meeting OWL PRO Firmware

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth.

3.3
2022-06-02 CVE-2022-31460 Owllabs Use of Hard-coded Credentials vulnerability in Owllabs Meeting OWL PRO Firmware

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.

3.3
2022-06-02 CVE-2022-31461 Owllabs Improper Authentication vulnerability in Owllabs Meeting OWL PRO Firmware

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.

3.3
2022-06-02 CVE-2022-1716 Kitetech Improper Authentication vulnerability in Kitetech Keep MY Notes 1.80.147

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data.

2.1
2022-06-02 CVE-2021-43512 Flightradar24 Insecure Storage of Sensitive Information vulnerability in Flightradar24 Flight Tracker

An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys.

2.1
2022-06-02 CVE-2022-23236 Netapp Cleartext Storage of Sensitive Information vulnerability in Netapp E-Series Santricity OS Controller

E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users.

2.1
2022-06-02 CVE-2022-29779 Nginx Unspecified vulnerability in Nginx NJS 0.7.2

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

2.1
2022-06-02 CVE-2022-29780 Nginx Unspecified vulnerability in Nginx NJS 0.7.2

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.

2.1
2022-06-02 CVE-2022-30503 Nginx Unspecified vulnerability in Nginx NJS 0.7.2

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.

2.1
2022-06-01 CVE-2022-31022 Couchbase Authentication Bypass Using an Alternate Path or Channel vulnerability in Couchbase Bleve

Bleve is a text indexing library for go.

2.1