Weekly Vulnerabilities Reports > June 13 to 19, 2022
Overview
765 new vulnerabilities were reported during this period, including 56 critical vulnerabilities and 235 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1387 products from 260 vendors including Google, Qualcomm, Microsoft, Siemens, and FFmpeg. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", and "Out-of-bounds Read".
- 545 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 229 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 506 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 80 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
56 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-17 | CVE-2022-30422 | Proietti | Use of Hard-coded Credentials vulnerability in Proietti Planet Time Enterprise Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. | 10.0 |
2022-06-16 | CVE-2022-30329 | Trendnet | OS Command Injection vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356 An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. | 10.0 |
2022-06-15 | CVE-2022-20140 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/12.1 In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. | 10.0 |
2022-06-15 | CVE-2022-20145 | Google | Unspecified vulnerability in Google Android 11.0 In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. | 10.0 |
2022-06-15 | CVE-2022-20160 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-210083655; References: N/A | 10.0 |
2022-06-15 | CVE-2022-20164 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-204891956; References: N/A | 10.0 |
2022-06-15 | CVE-2022-20167 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-204956204; References: N/A | 10.0 |
2022-06-15 | CVE-2022-20170 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-209421931; References: N/A | 10.0 |
2022-06-15 | CVE-2022-20171 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-215565667; References: N/A | 10.0 |
2022-06-15 | CVE-2022-20173 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-207116951; References: N/A | 10.0 |
2022-06-15 | CVE-2022-20191 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-209324757; References: N/A | 10.0 |
2022-06-15 | CVE-2022-20210 | Google | Unspecified vulnerability in Google Android The UE and the EMM communicate with each other using NAS messages. | 10.0 |
2022-06-15 | CVE-2022-20127 | Google | Double Free vulnerability in Google Android In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. | 10.0 |
2022-06-14 | CVE-2021-30341 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 10.0 |
2022-06-14 | CVE-2021-35081 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 10.0 |
2022-06-14 | CVE-2021-35104 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 10.0 |
2022-06-14 | CVE-2022-22086 | Qualcomm | Double Free vulnerability in Qualcomm products Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 10.0 |
2022-06-14 | CVE-2022-22087 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 10.0 |
2022-06-14 | CVE-2022-25651 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 10.0 |
2022-06-13 | CVE-2022-29797 | Huawei | Classic Buffer Overflow vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46 There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. | 10.0 |
2022-06-17 | CVE-2022-22485 | IBM | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Operations Center In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. | 9.8 |
2022-06-17 | CVE-2021-40903 | Antminer Monitor Project | Use of Hard-coded Credentials vulnerability in Antminer Monitor Project Antminer Monitor 0.50.0 A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. | 9.8 |
2022-06-17 | CVE-2021-45024 | Rocketsoftware | XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1 ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). | 9.8 |
2022-06-16 | CVE-2022-24562 | Iobit | Missing Authentication for Critical Function vulnerability in Iobit Iotransfer 4.3.1.1561 In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. | 9.8 |
2022-06-16 | CVE-2022-31382 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Directory Management System 1.0 Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. | 9.8 |
2022-06-16 | CVE-2022-31383 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Directory Management System 1.0 Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. | 9.8 |
2022-06-16 | CVE-2022-31384 | Phpgurukul | SQL Injection vulnerability in PHPgurukul Directory Management System 1.0 Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. | 9.8 |
2022-06-15 | CVE-2022-30136 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network File System Remote Code Execution Vulnerability | 9.8 |
2022-06-15 | CVE-2021-41418 | Ariang Project | Missing Authentication for Critical Function vulnerability in Ariang Project Ariang AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulnerability through not authenticating visitors' access rights. | 9.8 |
2022-06-15 | CVE-2017-20049 | Axis | Improper Privilege Management vulnerability in Axis products A vulnerability was found in legacy Axis devices such as P3225 and M3005. | 9.8 |
2022-06-15 | CVE-2022-20733 | Cisco | Unspecified vulnerability in Cisco Identity Services Engine 3.1 A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. | 9.8 |
2022-06-15 | CVE-2022-20798 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. | 9.8 |
2022-06-15 | CVE-2022-20825 | Cisco | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 9.8 |
2022-06-15 | CVE-2022-20130 | Google | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 9.8 |
2022-06-14 | CVE-2022-27668 | SAP | Incorrect Authorization vulnerability in SAP products Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | 9.8 |
2022-06-14 | CVE-2022-31311 | Wavlink | OS Command Injection vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. | 9.8 |
2022-06-14 | CVE-2022-32251 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 9.8 |
2022-06-14 | CVE-2022-32260 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 9.8 |
2022-06-14 | CVE-2022-32262 | Siemens | Command Injection vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 9.8 |
2022-06-14 | CVE-2022-31446 | Tendacn | OS Command Injection vulnerability in Tendacn Ac18 Firmware 15.03.05.05/15.03.05.19 Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | 9.8 |
2022-06-13 | CVE-2022-31053 | Biscuitsec Clever Cloud | Improper Verification of Cryptographic Signature vulnerability in multiple products Biscuit is an authentication and authorization token for microservices architectures. | 9.8 |
2022-06-13 | CVE-2022-33175 | Powertekpdus | Incorrect Permission Assignment for Critical Resource vulnerability in Powertekpdus products Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. | 9.8 |
2022-06-13 | CVE-2022-30308 | Festo | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. | 9.8 |
2022-06-13 | CVE-2022-30309 | Festo | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. | 9.8 |
2022-06-13 | CVE-2022-30310 | Festo | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. | 9.8 |
2022-06-13 | CVE-2022-30311 | Festo | Incorrect Authorization vulnerability in Festo products In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. | 9.8 |
2022-06-13 | CVE-2022-0885 | Memberhero | Missing Authorization vulnerability in Memberhero Member Hero 1.0.9 The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. | 9.8 |
2022-06-13 | CVE-2021-37404 | Apache | Out-of-bounds Write vulnerability in Apache Hadoop There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. | 9.8 |
2022-06-14 | CVE-2021-35083 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 9.4 |
2022-06-15 | CVE-2021-40727 | Adobe | Access of Memory Location After End of Buffer vulnerability in Adobe Indesign Access of Memory Location After End of Buffer (CWE-788 | 9.3 |
2022-06-14 | CVE-2021-30347 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 9.3 |
2022-06-14 | CVE-2021-35082 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT | 9.3 |
2022-06-14 | CVE-2022-32559 | Couchbase | Allocation of Resources Without Limits or Throttling vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 9.1 |
2022-06-14 | CVE-2022-32328 | Fast Food Ordering System Project | Path Traversal vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to Delete any file. | 9.1 |
2022-06-14 | CVE-2022-29241 | Jupyter | Unspecified vulnerability in Jupyter Server Jupyter Server provides the backend (i.e. | 9.0 |
2022-06-13 | CVE-2022-1654 | Artbees | Unspecified vulnerability in Artbees Jupiter and Jupiterx Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions | 9.0 |
235 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-17 | CVE-2022-2111 | Inventree Project | Unrestricted Upload of File with Dangerous Type vulnerability in Inventree Project Inventree Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. | 8.8 |
2022-06-17 | CVE-2022-2112 | Inventree Project | Improper Neutralization of Formula Elements in a CSV File vulnerability in Inventree Project Inventree Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | 8.8 |
2022-06-16 | CVE-2022-33753 | Broadcom | Unspecified vulnerability in Broadcom CA Automic Automation 12.2/12.3 CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | 8.8 |
2022-06-16 | CVE-2022-30023 | Tenda | OS Command Injection vulnerability in Tenda HG9 Firmware 1.0.1 Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | 8.8 |
2022-06-16 | CVE-2022-31849 | Mercurycom | Unspecified vulnerability in Mercurycom Mipc451-4 Firmware 1.0.22 MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. | 8.8 |
2022-06-16 | CVE-2022-31626 | PHP Debian | Classic Buffer Overflow vulnerability in multiple products In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | 8.8 |
2022-06-15 | CVE-2022-30153 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
2022-06-15 | CVE-2022-30157 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Server 2013/2016/2019 Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-06-15 | CVE-2022-30158 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
2022-06-15 | CVE-2022-30161 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.8 |
2022-06-15 | CVE-2022-30165 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kerberos Elevation of Privilege Vulnerability | 8.8 |
2022-06-15 | CVE-2022-29450 | Admin Management Xtended Project | Cross-Site Request Forgery (CSRF) vulnerability in Admin Management Xtended Project Admin Management Xtended Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | 8.8 |
2022-06-15 | CVE-2021-33036 | Apache | Path Traversal vulnerability in Apache Hadoop In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
2022-06-14 | CVE-2022-31595 | SAP | Missing Authorization vulnerability in SAP Adaptive Server Enterprise SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
2022-06-14 | CVE-2022-31619 | Siemens | Use of Hard-coded Credentials vulnerability in Siemens Teamcenter A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). | 8.8 |
2022-06-13 | CVE-2022-1749 | Wpmk Ajax Finder Project | Cross-Site Request Forgery (CSRF) vulnerability in Wpmk Ajax Finder Project Wpmk Ajax Finder 1.0.1 The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | 8.8 |
2022-06-13 | CVE-2022-1969 | Script | Cross-Site Request Forgery (CSRF) vulnerability in Script Mobile Browser Color Select 1.0.1 The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. | 8.8 |
2022-06-13 | CVE-2022-1900 | Copify | Cross-Site Request Forgery (CSRF) vulnerability in Copify The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. | 8.8 |
2022-06-13 | CVE-2022-1918 | Toolbar TO Share Project | Cross-Site Request Forgery (CSRF) vulnerability in Toolbar to Share Project Toolbar to Share 2.0 The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. | 8.8 |
2022-06-13 | CVE-2017-20042 | Vendavo | SQL Injection vulnerability in Vendavo Pricepoint 4.6.0.0 A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. | 8.8 |
2022-06-13 | CVE-2017-20045 | Vendavo | Cross-Site Request Forgery (CSRF) vulnerability in Vendavo Pricepoint 4.6.0.0 A vulnerability was found in Navetti PricePoint 4.6.0.0. | 8.8 |
2022-06-15 | CVE-2022-30163 | Microsoft | Race Condition vulnerability in Microsoft products Windows Hyper-V Remote Code Execution Vulnerability | 8.5 |
2022-06-15 | CVE-2022-22021 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 |
2022-06-14 | CVE-2021-35123 | Qualcomm | Unspecified vulnerability in Qualcomm products Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT | 8.3 |
2022-06-16 | CVE-2022-27511 | Citrix | Unspecified vulnerability in Citrix Application Delivery Management Corruption of the system by a remote, unauthenticated user. | 8.1 |
2022-06-16 | CVE-2022-31625 | PHP Debian | Release of Invalid Pointer or Reference vulnerability in multiple products In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. | 8.1 |
2022-06-15 | CVE-2022-30141 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 |
2022-06-15 | CVE-2022-32156 | Splunk | Improper Certificate Validation vulnerability in Splunk In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. | 8.1 |
2022-06-19 | CVE-2022-34006 | Southrivertech | Improper Privilege Management vulnerability in Southrivertech Titan FTP Server Nextgen An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. | 7.8 |
2022-06-19 | CVE-2022-2129 | VIM Fedoraproject Debian | Out-of-bounds Write vulnerability in multiple products Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-06-19 | CVE-2022-2126 | VIM Debian Fedoraproject Apple | Out-of-bounds Read vulnerability in multiple products Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-06-19 | CVE-2022-2125 | VIM Fedoraproject Apple | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-06-19 | CVE-2022-2124 | VIM Debian Fedoraproject Apple | Buffer Over-read vulnerability in multiple products Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 |
2022-06-19 | CVE-2014-125020 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability has been found in FFmpeg 2.0 and classified as critical. | 7.8 |
2022-06-19 | CVE-2014-125024 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 7.8 |
2022-06-18 | CVE-2014-125011 | Ffmpeg | Incorrect Conversion between Numeric Types vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 7.8 |
2022-06-18 | CVE-2014-125015 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability classified as critical has been found in FFmpeg 2.0. | 7.8 |
2022-06-18 | CVE-2014-125017 | Ffmpeg | Out-of-bounds Read vulnerability in Ffmpeg 2.0 A vulnerability classified as critical was found in FFmpeg 2.0. | 7.8 |
2022-06-17 | CVE-2020-36547 | GE | Use of Hard-coded Credentials vulnerability in GE Voluson S8 Firmware A vulnerability was found in GE Voluson S8. | 7.8 |
2022-06-17 | CVE-2020-36548 | GE | Improper Authentication vulnerability in GE Voluson S8 Firmware A vulnerability classified as problematic has been found in GE Voluson S8. | 7.8 |
2022-06-17 | CVE-2020-36549 | GE | Unspecified vulnerability in GE Voluson S8 Firmware A vulnerability classified as critical was found in GE Voluson S8. | 7.8 |
2022-06-17 | CVE-2022-33912 | Tribe29 Checkmk | Incorrect Default Permissions vulnerability in multiple products A permission issue affects users that deployed the shipped version of the Checkmk Debian package. | 7.8 |
2022-06-16 | CVE-2022-31464 | Adaware | Incorrect Permission Assignment for Critical Resource vulnerability in Adaware Protect 1.2.439.4251 Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. | 7.8 |
2022-06-16 | CVE-2022-30656 | Adobe | Out-of-bounds Write vulnerability in Adobe Incopy Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-06-16 | CVE-2022-32545 | Imagemagick Redhat Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. | 7.8 |
2022-06-16 | CVE-2022-32546 | Imagemagick Redhat Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. | 7.8 |
2022-06-16 | CVE-2022-32547 | Imagemagick Redhat Fedoraproject | Incorrect Type Conversion or Cast vulnerability in multiple products In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. | 7.8 |
2022-06-16 | CVE-2022-30659 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-06-16 | CVE-2017-20052 | Python | Uncontrolled Search Path Element vulnerability in Python 2.7.13 A vulnerability classified as problematic was found in Python 2.7.13. | 7.8 |
2022-06-15 | CVE-2022-20203 | Google | Out-of-bounds Write vulnerability in Google Android 12.1 In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. | 7.8 |
2022-06-15 | CVE-2022-22018 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-29111 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-29119 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-29149 | Microsoft | Unspecified vulnerability in Microsoft products Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30131 | Microsoft | Unspecified vulnerability in Microsoft products Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30132 | Microsoft | Unspecified vulnerability in Microsoft products Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30135 | Microsoft | Unspecified vulnerability in Microsoft products Windows Media Center Elevation of Privilege Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30147 | Microsoft | Unspecified vulnerability in Microsoft products Windows Installer Elevation of Privilege Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30160 | Microsoft | Unspecified vulnerability in Microsoft products Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30164 | Microsoft | Unspecified vulnerability in Microsoft products Kerberos AppContainer Security Feature Bypass Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30166 | Microsoft | Unspecified vulnerability in Microsoft products Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30167 | Microsoft | Unspecified vulnerability in Microsoft AV1 Video Extension AV1 Video Extension Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30168 | Microsoft | Unspecified vulnerability in Microsoft Photos Microsoft Photos App Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30173 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office web Apps Server Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30174 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel Microsoft Office Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30177 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30178 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30179 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30180 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Information Disclosure Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30188 | Microsoft | Unspecified vulnerability in Microsoft Hevc Video Extensions HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-30193 | Microsoft | Unspecified vulnerability in Microsoft AV1 Video Extension 1.1.32442.0 AV1 Video Extension Remote Code Execution Vulnerability | 7.8 |
2022-06-15 | CVE-2022-24946 | Mitsubishielectric | Improper Locking vulnerability in Mitsubishielectric products Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. | 7.8 |
2022-06-15 | CVE-2021-43755 | Adobe | Out-of-bounds Write vulnerability in Adobe After Effects Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. | 7.8 |
2022-06-15 | CVE-2022-28226 | Yandex | Exposure of Resource to Wrong Sphere vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitrary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process. | 7.8 |
2022-06-15 | CVE-2022-28844 | Adobe | Out-of-bounds Write vulnerability in Adobe Bridge Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-06-15 | CVE-2022-28849 | Adobe | Use After Free vulnerability in Adobe Bridge Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-06-15 | CVE-2021-43754 | Adobe | Out-of-bounds Write vulnerability in Adobe Prelude Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. | 7.8 |
2022-06-15 | CVE-2021-43756 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability. | 7.8 |
2022-06-15 | CVE-2022-31216 | ABB | Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.8 |
2022-06-15 | CVE-2022-31217 | ABB | Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.8 |
2022-06-15 | CVE-2022-31218 | ABB | Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.8 |
2022-06-15 | CVE-2022-31219 | ABB | Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.8 |
2022-06-15 | CVE-2021-39820 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. | 7.8 |
2022-06-15 | CVE-2022-20138 | Google | Missing Authorization vulnerability in Google Android In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. | 7.8 |
2022-06-15 | CVE-2022-20144 | Google | Unspecified vulnerability in Google Android 10.0/11.0 In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. | 7.8 |
2022-06-15 | CVE-2022-20168 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-210594998; References: N/A | 7.8 |
2022-06-15 | CVE-2022-20181 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-210936609; References: N/A | 7.8 |
2022-06-15 | CVE-2022-20186 | Google | Improper Input Validation vulnerability in Google Android In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. | 7.8 |
2022-06-15 | CVE-2022-20190 | Google | Unspecified vulnerability in Google Android Product: Android; Versions: Android kernel; Android ID: A-208744915; References: N/A | 7.8 |
2022-06-15 | CVE-2022-20204 | Google | Missing Authorization vulnerability in Google Android 12.1 In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. | 7.8 |
2022-06-15 | CVE-2022-20123 | Google | Out-of-bounds Read vulnerability in Google Android In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. | 7.8 |
2022-06-15 | CVE-2022-20124 | Google | Unspecified vulnerability in Google Android In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. | 7.8 |
2022-06-15 | CVE-2022-20133 | Google | Missing Authorization vulnerability in Google Android In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. | 7.8 |
2022-06-14 | CVE-2022-32230 | Microsoft | NULL Pointer Dereference vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2019 Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. | 7.8 |
2022-06-14 | CVE-2021-30340 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-06-14 | CVE-2021-30350 | Qualcomm | Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 7.8 |
2022-06-14 | CVE-2021-35073 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-06-14 | CVE-2021-35076 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-06-14 | CVE-2021-35078 | Qualcomm | Memory Leak vulnerability in Qualcomm products Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 |
2022-06-14 | CVE-2021-35086 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-06-14 | CVE-2021-35087 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-06-14 | CVE-2021-35096 | Qualcomm | Allocation of Resources Without Limits or Throttling vulnerability in Qualcomm products Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-06-14 | CVE-2021-35100 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2022-06-14 | CVE-2021-35102 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 |
2022-06-14 | CVE-2022-22057 | Qualcomm | Race Condition vulnerability in Qualcomm products Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 |
2022-06-14 | CVE-2022-22064 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2022-06-14 | CVE-2022-22065 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2022-06-14 | CVE-2022-22072 | Qualcomm | Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.8 |
2022-06-14 | CVE-2022-22083 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2022-06-14 | CVE-2022-31465 | Siemens | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Xpedition Designer A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). | 7.8 |
2022-06-14 | CVE-2022-32252 | Siemens | Insufficient Verification of Data Authenticity vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 7.8 |
2022-06-14 | CVE-2022-29925 | Fujielectric | Access of Uninitialized Pointer vulnerability in Fujielectric V-Sft 6.0.0.0/6.1.5.0 Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 |
2022-06-13 | CVE-2022-29798 | Huawei | Unspecified vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46 There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. | 7.8 |
2022-06-13 | CVE-2022-31762 | Huawei | Improper Input Validation vulnerability in Huawei Emui, Harmonyos and Magic UI The AMS module has a vulnerability in input validation. | 7.8 |
2022-06-15 | CVE-2022-20664 | Cisco | Information Exposure vulnerability in Cisco Email Security Appliance A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. | 7.7 |
2022-06-19 | CVE-2022-34005 | Southrivertech | Use of Hard-coded Credentials vulnerability in Southrivertech Titan FTP Server Nextgen An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. | 7.5 |
2022-06-17 | CVE-2022-25852 | PG Native Project Libpq Project | Incorrect Type Conversion or Cast vulnerability in multiple products All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. | 7.5 |
2022-06-17 | CVE-2022-25856 | Argo Events Project | Link Following vulnerability in Argo Events Project Argo Events The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. | 7.5 |
2022-06-17 | CVE-2022-31874 | Asus | Command Injection vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754 ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | 7.5 |
2022-06-17 | CVE-2022-31083 | Parseplatform | Improper Certificate Validation vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 7.5 |
2022-06-17 | CVE-2022-31941 | Rescue Dispatch Management System Project | SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0 Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. | 7.5 |
2022-06-17 | CVE-2022-21806 | Anker | Use After Free vulnerability in Anker Eufy Homebase 2 Firmware 2.1.8.5H A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. | 7.5 |
2022-06-17 | CVE-2022-29496 | Blynk | Out-of-bounds Write vulnerability in Blynk Blynk-Library 1.0.1 A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk-Library v1.0.1. | 7.5 |
2022-06-17 | CVE-2022-31355 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. | 7.5 |
2022-06-17 | CVE-2022-31356 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. | 7.5 |
2022-06-17 | CVE-2022-31357 | Online Ordering System Project | SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2 Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. | 7.5 |
2022-06-17 | CVE-2021-41408 | Voipmonitor | SQL Injection vulnerability in Voipmonitor 24.61 VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter. | 7.5 |
2022-06-17 | CVE-2021-45025 | Rocketsoftware | Cleartext Storage of Sensitive Information vulnerability in Rocketsoftware Ags-Zena 4.2.1 ASG Technologies (a Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. | 7.5 |
2022-06-17 | CVE-2022-31296 | Online Discussion Forum Project | SQL Injection vulnerability in Online Discussion Forum Project Online Discussion Forum 1.0 Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. | 7.5 |
2022-06-17 | CVE-2022-32276 | Grafana | Improper Authentication vulnerability in Grafana 8.4.3 Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. | 7.5 |
2022-06-16 | CVE-2022-33750 | Broadcom | Improper Authentication vulnerability in Broadcom CA Automic Automation 12.2/12.3 CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | 7.5 |
2022-06-16 | CVE-2022-33751 | Broadcom | Unspecified vulnerability in Broadcom CA Automic Automation 12.2/12.3 CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | 7.5 |
2022-06-16 | CVE-2022-33752 | Broadcom | Improper Input Validation vulnerability in Broadcom CA Automic Automation 12.2/12.3 CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | 7.5 |
2022-06-16 | CVE-2022-33754 | Broadcom | Improper Input Validation vulnerability in Broadcom CA Automic Automation 12.2/12.3 CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | 7.5 |
2022-06-16 | CVE-2021-41487 | Nokia | SQL Injection vulnerability in Nokia Vitalsuite 2020 NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'. | 7.5 |
2022-06-16 | CVE-2022-31291 | Genivi Debian | Double Free vulnerability in multiple products An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. | 7.5 |
2022-06-16 | CVE-2021-41654 | Wuzhicms | SQL Injection vulnerability in Wuzhicms 4.1.0 SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php | 7.5 |
2022-06-16 | CVE-2021-41411 | Redhat | XXE vulnerability in Redhat Drools 6.1.0 drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. | 7.5 |
2022-06-15 | CVE-2021-41403 | Flatcore | Server-Side Request Forgery (SSRF) vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities. | 7.5 |
2022-06-15 | CVE-2022-29143 | Microsoft | Unspecified vulnerability in Microsoft SQL Server Microsoft SQL Server Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30139 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30140 | Microsoft | Unspecified vulnerability in Microsoft products Windows iSCSI Discovery Service Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30142 | Microsoft | Unspecified vulnerability in Microsoft products Windows File History Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30143 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30145 | Microsoft | Unspecified vulnerability in Microsoft products Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30146 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30149 | Microsoft | Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30150 | Microsoft | Improper Authentication vulnerability in Microsoft products Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability | 7.5 |
2022-06-15 | CVE-2022-30152 | Microsoft | Unspecified vulnerability in Microsoft products Windows Network Address Translation (NAT) Denial of Service Vulnerability | 7.5 |
2022-06-15 | CVE-2021-40940 | Monstra | Unrestricted Upload of File with Dangerous Type vulnerability in Monstra Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability. | 7.5 |
2022-06-15 | CVE-2022-32101 | Kkcms Project | SQL Injection vulnerability in Kkcms Project Kkcms 1.37 kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php. | 7.5 |
2022-06-15 | CVE-2022-32158 | Splunk | Unspecified vulnerability in Splunk Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. | 7.5 |
2022-06-15 | CVE-2022-32301 | Youdiancms | SQL Injection vulnerability in Youdiancms 9.5.0 YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. | 7.5 |
2022-06-15 | CVE-2019-4575 | IBM | SQL Injection vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. | 7.5 |
2022-06-15 | CVE-2022-20131 | Google | Out-of-bounds Read vulnerability in Google Android In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2022-06-15 | CVE-2021-40212 | Daum | Out-of-bounds Write vulnerability in Daum Potplayer 1.7.21523 An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service. | 7.5 |
2022-06-14 | CVE-2021-42675 | Kreado | Unrestricted Upload of File with Dangerous Type vulnerability in Kreado Kreasfero 1.5 Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. | 7.5 |
2022-06-14 | CVE-2022-32337 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. | 7.5 |
2022-06-14 | CVE-2022-32557 | Couchbase | Missing Authentication for Critical Function vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 7.5 |
2022-06-14 | CVE-2022-32352 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. | 7.5 |
2022-06-14 | CVE-2021-40660 | Javadelight | Unspecified vulnerability in Javadelight Nashorn Sandbox 0.2.0 An issue was discovered in Delight Nashorn Sandbox 0.2.0. | 7.5 |
2022-06-14 | CVE-2022-31308 | Wavlink | Information Exposure vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 |
2022-06-14 | CVE-2022-31309 | Wavlink | Information Exposure vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719 A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 |
2022-06-14 | CVE-2022-31847 | Wavlink | Forced Browsing vulnerability in Wavlink Wn579X3 Firmware M79X3.V5030.180719 A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | 7.5 |
2022-06-14 | CVE-2022-32336 | Fast Food Ordering System Project | SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. | 7.5 |
2022-06-14 | CVE-2021-30344 | Qualcomm | Unspecified vulnerability in Qualcomm products Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
2022-06-14 | CVE-2022-30230 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Sicam Gridedge Essential A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). | 7.5 |
2022-06-14 | CVE-2022-30937 | Siemens | Out-of-bounds Write vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). | 7.5 |
2022-06-14 | CVE-2022-32253 | Siemens | Improper Input Validation vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 7.5 |
2022-06-14 | CVE-2022-32254 | Siemens | Information Exposure Through Log Files vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 7.5 |
2022-06-14 | CVE-2022-32258 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 7.5 |
2022-06-14 | CVE-2022-32261 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 7.5 |
2022-06-14 | CVE-2022-25167 | Apache | Unspecified vulnerability in Apache Flume 1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 7.5 |
2022-06-13 | CVE-2021-41661 | Church Management System Project | SQL Injection vulnerability in Church Management System Project Church Management System 1.0 Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. | 7.5 |
2022-06-13 | CVE-2021-41662 | South Gate INN Online Reservation System Project | SQL Injection vulnerability in South Gate INN Online Reservation System Project South Gate INN Online Reservation System 1.0 The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. | 7.5 |
2022-06-13 | CVE-2022-32560 | Couchbase | Missing Authorization vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 7.5 |
2022-06-13 | CVE-2022-31054 | Argo Events Project | Out-of-bounds Write vulnerability in Argo Events Project Argo Events Argo Events is an event-driven workflow automation framework for Kubernetes. | 7.5 |
2022-06-13 | CVE-2021-40036 | Huawei | Out-of-bounds Write vulnerability in Huawei Harmonyos The bone voice ID TA has a memory overwrite vulnerability. | 7.5 |
2022-06-13 | CVE-2022-23167 | Amodat | Unspecified vulnerability in Amodat Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. | 7.5 |
2022-06-13 | CVE-2022-23168 | Amodat | SQL Injection vulnerability in Amodat Mobile Application Gateway The attacker could get access to the database. | 7.5 |
2022-06-13 | CVE-2022-31055 | Google | Unspecified vulnerability in Google Kctf kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. | 7.5 |
2022-06-13 | CVE-2021-46814 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI The video framework has an out-of-bounds memory read/write vulnerability. | 7.5 |
2022-06-13 | CVE-2022-1659 | Artbees | Unspecified vulnerability in Artbees Jupiterx Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. | 7.5 |
2022-06-13 | CVE-2022-1768 | Carrcommunications | Unspecified vulnerability in Carrcommunications Rsvpmaker The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. | 7.5 |
2022-06-13 | CVE-2022-29244 | Npmjs Netapp | Information Exposure vulnerability in multiple products npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. | 7.5 |
2022-06-13 | CVE-2022-0786 | Iqonic | SQL Injection vulnerability in Iqonic Kivicare The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users | 7.5 |
2022-06-13 | CVE-2022-0827 | Presspage | SQL Injection vulnerability in Presspage Bestbooks 2.6.3 The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users | 7.5 |
2022-06-13 | CVE-2022-1412 | Premierethemes | Incorrect Permission Assignment for Critical Resource vulnerability in Premierethemes LOG WP Mail 0.1 The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. | 7.5 |
2022-06-13 | CVE-2022-1762 | Webence | Unspecified vulnerability in Webence IQ Block Country The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. | 7.5 |
2022-06-13 | CVE-2022-2062 | Xgenecloud | Information Exposure Through an Error Message vulnerability in Xgenecloud Nocodb Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | 7.5 |
2022-06-13 | CVE-2022-26834 | Rakuten | Unspecified vulnerability in Rakuten Casa Apfv141/Apfv200 Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default. | 7.5 |
2022-06-15 | CVE-2022-20817 | Cisco | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cisco products A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. | 7.4 |
2022-06-15 | CVE-2022-20126 | Google | Missing Authorization vulnerability in Google Android In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. | 7.3 |
2022-06-15 | CVE-2022-20137 | Google | Missing Authorization vulnerability in Google Android 12.0/12.1 In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. | 7.3 |
2022-06-15 | CVE-2021-25261 | Yandex | Link Following vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 7.2 |
2022-06-15 | CVE-2022-28225 | Yandex | Link Following vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 7.2 |
2022-06-15 | CVE-2022-26057 | ABB | Improper Privilege Management vulnerability in ABB Mint Workbench 5866 Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. | 7.2 |
2022-06-15 | CVE-2022-20142 | Google | Unspecified vulnerability in Google Android In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. | 7.2 |
2022-06-15 | CVE-2022-20147 | Google | Out-of-bounds Write vulnerability in Google Android In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. | 7.2 |
2022-06-15 | CVE-2022-20156 | Google | Improper Input Validation vulnerability in Google Android In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. | 7.2 |
2022-06-15 | CVE-2022-20233 | Google | Out-of-bounds Write vulnerability in Google Android In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. | 7.2 |
2022-06-15 | CVE-2022-20125 | Google | Unspecified vulnerability in Google Android In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. | 7.2 |
2022-06-15 | CVE-2022-20134 | Google | Improper Input Validation vulnerability in Google Android In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. | 7.2 |
2022-06-15 | CVE-2022-20135 | Google | Unspecified vulnerability in Google Android In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. | 7.2 |
2022-06-14 | CVE-2022-31590 | SAP | Unspecified vulnerability in SAP Powerdesigner Proxy 16.7 SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | 7.2 |
2022-06-14 | CVE-2022-31594 | SAP | Unspecified vulnerability in SAP Adaptive Server Enterprise A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. | 7.2 |
2022-06-14 | CVE-2021-30281 | Qualcomm | Unspecified vulnerability in Qualcomm products Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.2 |
2022-06-14 | CVE-2021-30327 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music | 7.2 |
2022-06-14 | CVE-2021-30334 | Qualcomm | Use After Free vulnerability in Qualcomm products Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2021-35072 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2021-35091 | Qualcomm | Incorrect Type Conversion or Cast vulnerability in Qualcomm products Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile | 7.2 |
2022-06-14 | CVE-2021-35094 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.2 |
2022-06-14 | CVE-2021-35112 | Qualcomm | Incorrect Authorization vulnerability in Qualcomm products A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2021-35114 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm Sa8540P Firmware and Sa9000P Firmware Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto | 7.2 |
2022-06-14 | CVE-2021-35126 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.2 |
2022-06-14 | CVE-2021-35129 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.2 |
2022-06-14 | CVE-2021-35130 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2022-22068 | Qualcomm | Use After Free vulnerability in Qualcomm products kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2022-22071 | Qualcomm | Use After Free vulnerability in Qualcomm products Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.2 |
2022-06-14 | CVE-2022-22082 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2022-22084 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2022-22085 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.2 |
2022-06-14 | CVE-2022-22090 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.2 |
2022-06-14 | CVE-2022-22103 | Qualcomm | Double Free vulnerability in Qualcomm Sa8540P Firmware and Sa9000P Firmware Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto | 7.2 |
2022-06-13 | CVE-2022-22259 | Huawei | Improper Authentication vulnerability in Huawei Flmg-10 Firmware 10.0.1.0(H100Sp22C00) There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). | 7.2 |
2022-06-13 | CVE-2022-0863 | WP SVG Icons Project | Unrestricted Upload of File with Dangerous Type vulnerability in WP SVG Icons Project WP SVG Icons The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution. | 7.2 |
2022-06-13 | CVE-2022-1800 | Soflyy | SQL Injection vulnerability in Soflyy Export ANY Wordpress Data to Xml/Csv The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. | 7.2 |
2022-06-13 | CVE-2022-28704 | Rakuten | Unspecified vulnerability in Rakuten Casa Apfv141/Apfv200 Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings. | 7.2 |
2022-06-16 | CVE-2021-3675 | Synaptics | Out-of-bounds Write vulnerability in Synaptics Fingerprint Driver Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. | 7.1 |
2022-06-14 | CVE-2021-30342 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.1 |
2022-06-14 | CVE-2021-30343 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.1 |
2022-06-14 | CVE-2021-35111 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | 7.1 |
2022-06-15 | CVE-2022-30151 | Microsoft | Unspecified vulnerability in Microsoft products Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.0 |
2022-06-15 | CVE-2022-20141 | Google | Improper Locking vulnerability in Google Android In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. | 7.0 |
2022-06-14 | CVE-2021-35095 | Qualcomm | Deserialization of Untrusted Data vulnerability in Qualcomm products Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile | 7.0 |
396 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-15 | CVE-2022-22788 | Zoom | Uncontrolled Search Path Element vulnerability in Zoom Meetings and Rooms The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. | 6.9 |
2022-06-15 | CVE-2022-20148 | Google | Race Condition vulnerability in Google Android In TBD of TBD, there is a possible use-after-free due to a race condition. | 6.9 |
2022-06-15 | CVE-2022-20155 | Google | Race Condition vulnerability in Google Android In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. | 6.9 |
2022-06-15 | CVE-2021-39691 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0 In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. | 6.9 |
2022-06-14 | CVE-2021-35090 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.9 |
2022-06-13 | CVE-2022-24077 | Naver | Uncontrolled Search Path Element vulnerability in Naver Cloud Explorer Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | 6.9 |
2022-06-17 | CVE-2018-25040 | Utorrent | Unspecified vulnerability in Utorrent web A vulnerability was found in uTorrent Web. | 6.8 |
2022-06-17 | CVE-2018-25041 | Utorrent | Unspecified vulnerability in Utorrent web A vulnerability was found in uTorrent. | 6.8 |
2022-06-17 | CVE-2018-25042 | Bittorrent | Out-of-bounds Write vulnerability in Bittorrent Utorrent A vulnerability classified as critical has been found in uTorrent. | 6.8 |
2022-06-17 | CVE-2018-25043 | Bittorrent | Improper Authentication vulnerability in Bittorrent Utorrent A vulnerability classified as critical was found in uTorrent. | 6.8 |
2022-06-17 | CVE-2018-25044 | Bittorrent | Improper Privilege Management vulnerability in Bittorrent Utorrent A vulnerability, which was classified as critical, has been found in uTorrent. | 6.8 |
2022-06-17 | CVE-2022-31784 | Mitel | Classic Buffer Overflow vulnerability in Mitel Mivoice Business and Mivoice Business Express A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. | 6.8 |
2022-06-16 | CVE-2022-26173 | Jforum | Cross-Site Request Forgery (CSRF) vulnerability in Jforum 2.8.0 JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | 6.8 |
2022-06-16 | CVE-2022-27531 | Autodesk | Out-of-bounds Read vulnerability in Autodesk 3DS MAX 2021/2022 A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. | 6.8 |
2022-06-16 | CVE-2022-27532 | Autodesk | Out-of-bounds Write vulnerability in Autodesk 3DS MAX 2021/2022 A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. | 6.8 |
2022-06-16 | CVE-2022-30538 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0 Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | 6.8 |
2022-06-16 | CVE-2022-30546 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0 Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | 6.8 |
2022-06-16 | CVE-2022-30549 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric V-Server Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | 6.8 |
2022-06-15 | CVE-2022-30649 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 6.8 |
2022-06-15 | CVE-2021-42735 | Adobe | Access of Memory Location After End of Buffer vulnerability in Adobe Photoshop Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. | 6.8 |
2022-06-15 | CVE-2021-42732 | Adobe | Access of Memory Location After End of Buffer vulnerability in Adobe Indesign Access of Memory Location After End of Buffer (CWE-788) | 6.8 |
2022-06-15 | CVE-2022-32153 | Splunk | Improper Certificate Validation vulnerability in Splunk Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. | 6.8 |
2022-06-15 | CVE-2022-29437 | Nextcode | Cross-Site Request Forgery (CSRF) vulnerability in Nextcode Image Slider BY Nextcode Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 6.8 |
2022-06-15 | CVE-2021-41413 | OK File Formats Project | Classic Buffer Overflow vulnerability in Ok-File-Formats Project Ok-File-Formats 2021912 ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. | 6.8 |
2022-06-14 | CVE-2022-26302 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Sft Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | 6.8 |
2022-06-14 | CVE-2022-27176 | Jscom | Unspecified vulnerability in Jscom products Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment. | 6.8 |
2022-06-14 | CVE-2022-29506 | Fujielectric | Out-of-bounds Read vulnerability in Fujielectric V-Server and V-Sft Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | 6.8 |
2022-06-14 | CVE-2022-29522 | Fujielectric | Use After Free vulnerability in Fujielectric V-Server and V-Sft Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | 6.8 |
2022-06-14 | CVE-2022-29524 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | 6.8 |
2022-06-13 | CVE-2022-32278 | Xfce Debian | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | 6.8 |
2022-06-13 | CVE-2022-29247 | Electronjs | Exposure of Resource to Wrong Sphere vulnerability in Electronjs Electron Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. | 6.8 |
2022-06-13 | CVE-2021-46816 | Adobe | Out-of-bounds Write vulnerability in Adobe Premiere PRO Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. | 6.8 |
2022-06-13 | CVE-2021-46817 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. | 6.8 |
2022-06-13 | CVE-2021-46818 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. | 6.8 |
2022-06-13 | CVE-2022-1202 | Usabilitydynamics | Improper Neutralization of Formula Elements in a CSV File vulnerability in Usabilitydynamics Wp-Crm 1.2.1 The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | 6.8 |
2022-06-13 | CVE-2022-1758 | Genki PRE Publish Reminder Project | Cross-Site Request Forgery (CSRF) vulnerability in Genki Pre-Publish Reminder Project Genki Pre-Publish Reminder The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. | 6.8 |
2022-06-13 | CVE-2022-1765 | HOT Linked Image Cacher Project | Cross-Site Request Forgery (CSRF) vulnerability in HOT Linked Image Cacher Project HOT Linked Image Cacher The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. | 6.8 |
2022-06-13 | CVE-2022-2063 | Xgenecloud | Improper Privilege Management vulnerability in Xgenecloud Nocodb Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | 6.8 |
2022-06-15 | CVE-2022-30137 | Microsoft | Unspecified vulnerability in Microsoft Service Fabric Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. | 6.7 |
2022-06-15 | CVE-2022-20153 | Google | Improper Locking vulnerability in Google Android In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. | 6.7 |
2022-06-15 | CVE-2022-20201 | Google | Out-of-bounds Read vulnerability in Google Android 12.1 In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. | 6.7 |
2022-06-14 | CVE-2021-30349 | Qualcomm | Unspecified vulnerability in Qualcomm products Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 6.7 |
2022-06-14 | CVE-2021-35092 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 6.7 |
2022-06-14 | CVE-2021-35120 | Qualcomm | Use After Free vulnerability in Qualcomm products Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.7 |
2022-06-14 | CVE-2021-35116 | Qualcomm | Improper Input Validation vulnerability in Qualcomm products APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK's data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 6.6 |
2022-06-19 | CVE-2022-34000 | Libjxl Project | Reachable Assertion vulnerability in Libjxl Project Libjxl 0.6.1 libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | 6.5 |
2022-06-19 | CVE-2022-23071 | Tandoor | Server-Side Request Forgery (SSRF) vulnerability in Tandoor Recipes In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. | 6.5 |
2022-06-18 | CVE-2021-46823 | Python Ldap | Unspecified vulnerability in Python-Ldap python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. | 6.5 |
2022-06-17 | CVE-2022-30607 | IBM | Information Exposure vulnerability in IBM Robotic Process Automation IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. | 6.5 |
2022-06-17 | CVE-2019-12352 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-17 | CVE-2019-12353 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-17 | CVE-2019-12354 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-17 | CVE-2019-12355 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-17 | CVE-2019-12356 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-17 | CVE-2019-12357 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-17 | CVE-2019-12358 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-17 | CVE-2019-12359 | Zzcms | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 6.5 |
2022-06-16 | CVE-2020-35597 | Victor CMS Project | SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0 Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. | 6.5 |
2022-06-16 | CVE-2022-22953 | Vmware | Unspecified vulnerability in VMWare HCX 4.3.1/4.3.2 VMware HCX update addresses an information disclosure vulnerability. | 6.5 |
2022-06-16 | CVE-2022-31908 | Student Registration AND FEE Payment System Project | SQL Injection vulnerability in Student Registration and FEE Payment System Project Student Registration and FEE Payment System 1.0 Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. | 6.5 |
2022-06-16 | CVE-2022-31911 | Online Discussion Forum Site Project | SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. | 6.5 |
2022-06-16 | CVE-2022-31912 | Online Tutor Portal Site Project | SQL Injection vulnerability in Online Tutor Portal Site Project Online Tutor Portal Site 1.0 Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. | 6.5 |
2022-06-16 | CVE-2021-41402 | Flatcore | Code Injection vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. | 6.5 |
2022-06-15 | CVE-2022-30189 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 20H2/21H1/21H2 Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability | 6.5 |
2022-06-15 | CVE-2022-32370 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32371 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32372 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32368 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32373 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32374 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32375 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32376 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. | 6.5 |
2022-06-15 | CVE-2022-32377 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. | 6.5 |
2022-06-15 | CVE-2022-32378 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. | 6.5 |
2022-06-15 | CVE-2022-32379 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. | 6.5 |
2022-06-15 | CVE-2022-32380 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. | 6.5 |
2022-06-15 | CVE-2022-32381 | Advanced School Management System Project | SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. | 6.5 |
2022-06-15 | CVE-2022-32433 | Advanced School Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Advanced School Management System Project Advanced School Management System 1.0 itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | 6.5 |
2022-06-15 | CVE-2022-20819 | Cisco | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. | 6.5 |
2022-06-15 | CVE-2022-32152 | Splunk | Improper Certificate Validation vulnerability in Splunk Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. | 6.5 |
2022-06-15 | CVE-2022-32299 | Youdiancms | SQL Injection vulnerability in Youdiancms 9.5.0 YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. | 6.5 |
2022-06-15 | CVE-2022-32300 | Youdiancms | SQL Injection vulnerability in Youdiancms 9.5.0 YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. | 6.5 |
2022-06-15 | CVE-2022-32302 | Theme Park Ticketing System Project | SQL Injection vulnerability in Theme Park Ticketing System Project Theme Park Ticketing System 1.0 Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. | 6.5 |
2022-06-15 | CVE-2022-32991 | WEB Based Quiz System Project | SQL Injection vulnerability in web Based Quiz System Project web Based Quiz System 1.0 Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. | 6.5 |
2022-06-15 | CVE-2022-32992 | Online Tours AND Travels Management System Project | SQL Injection vulnerability in Online Tours and Travels Management System Project Online Tours and Travels Management System 1.0 Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. | 6.5 |
2022-06-15 | CVE-2022-2086 | Bank Management System Project | SQL Injection vulnerability in Bank Management System Project Bank Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. | 6.5 |
2022-06-15 | CVE-2022-1958 | Filecloud | Improper Access Control vulnerability in Filecloud A vulnerability classified as critical has been found in FileCloud. | 6.5 |
2022-06-14 | CVE-2022-31047 | Typo3 | Information Exposure Through an Error Message vulnerability in Typo3 TYPO3 is an open source web content management system. | 6.5 |
2022-06-14 | CVE-2022-31050 | Typo3 | Insufficient Session Expiration vulnerability in Typo3 TYPO3 is an open source web content management system. | 6.5 |
2022-06-14 | CVE-2022-32353 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32354 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. | 6.5 |
2022-06-14 | CVE-2022-32355 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. | 6.5 |
2022-06-14 | CVE-2022-32358 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. | 6.5 |
2022-06-14 | CVE-2022-32359 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. | 6.5 |
2022-06-14 | CVE-2022-32362 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32363 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. | 6.5 |
2022-06-14 | CVE-2022-31589 | SAP | Unspecified vulnerability in SAP products Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. | 6.5 |
2022-06-14 | CVE-2022-32364 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. | 6.5 |
2022-06-14 | CVE-2022-32365 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32366 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32367 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. | 6.5 |
2022-06-14 | CVE-2022-30931 | Employee Leaves Management System Project | Cross-Site Request Forgery (CSRF) vulnerability in Employee Leaves Management System Project Employee Leaves Management System 2.1 Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | 6.5 |
2022-06-14 | CVE-2022-32330 | Fast Food Ordering System Project | SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu. | 6.5 |
2022-06-14 | CVE-2022-32331 | Fast Food Ordering System Project | SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32332 | Fast Food Ordering System Project | SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category. | 6.5 |
2022-06-14 | CVE-2022-32333 | Fast Food Ordering System Project | SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32334 | Fast Food Ordering System Project | SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32335 | Fast Food Ordering System Project | SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32338 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32339 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32340 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=. | 6.5 |
2022-06-14 | CVE-2022-32341 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=. | 6.5 |
2022-06-14 | CVE-2022-32342 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32343 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32344 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient. | 6.5 |
2022-06-14 | CVE-2022-32345 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32346 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=. | 6.5 |
2022-06-14 | CVE-2022-32347 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room. | 6.5 |
2022-06-14 | CVE-2022-32348 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor. | 6.5 |
2022-06-14 | CVE-2022-32349 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history. | 6.5 |
2022-06-14 | CVE-2022-32350 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. | 6.5 |
2022-06-14 | CVE-2022-32351 | Hospital S Patient Records Management System Project | SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0 Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. | 6.5 |
2022-06-14 | CVE-2021-40616 | Thinkcmf | Forced Browsing vulnerability in Thinkcmf 5.1.7 thinkcmf v5.1.7 has an unauthorized vulnerability. | 6.5 |
2022-06-14 | CVE-2022-32256 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 6.5 |
2022-06-14 | CVE-2022-32259 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 6.5 |
2022-06-13 | CVE-2022-32562 | Couchbase | Incorrect Default Permissions vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 6.5 |
2022-06-13 | CVE-2022-29257 | Electronjs | Unspecified vulnerability in Electronjs Electron Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. | 6.5 |
2022-06-13 | CVE-2022-23169 | Amodat | SQL Injection vulnerability in Amodat Mobile Application Gateway attacker needs to craft a SQL payload. | 6.5 |
2022-06-13 | CVE-2022-28217 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system's Availability by causing system to crash. | 6.5 |
2022-06-13 | CVE-2022-1657 | Artbees | Path Traversal vulnerability in Artbees Jupiter and Jupiterx Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. | 6.5 |
2022-06-13 | CVE-2021-25116 | Enqueue Anything Project | Missing Authorization vulnerability in Enqueue Anything Project Enqueue Anything 1.0.1 The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. | 6.5 |
2022-06-13 | CVE-2022-1761 | Peter S Collaboration E Mails Project | Cross-Site Request Forgery (CSRF) vulnerability in Peter'S Collaboration E-Mails Project Peter'S Collaboration E-Mails The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. | 6.5 |
2022-06-13 | CVE-2022-1777 | Filr Project | Missing Authorization vulnerability in Filr Project Filr The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. | 6.5 |
2022-06-13 | CVE-2022-2064 | Xgenecloud | Insufficient Session Expiration vulnerability in Xgenecloud Nocodb Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. | 6.5 |
2022-06-15 | CVE-2022-32151 | Splunk | Improper Certificate Validation vulnerability in Splunk The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. | 6.4 |
2022-06-14 | CVE-2022-27889 | Palantir | Improper Control of Dynamically-Managed Code Resources vulnerability in Palantir Foundry Multipass The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. | 6.4 |
2022-06-14 | CVE-2021-40649 | Softwareag | Incorrect Permission Assignment for Critical Resource vulnerability in Softwareag Connx 6.2.0.1269 In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. | 6.4 |
2022-06-13 | CVE-2021-40604 | Invisioncommunity | Server-Side Request Forgery (SSRF) vulnerability in Invisioncommunity IPS Community Suite A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. | 6.4 |
2022-06-13 | CVE-2022-31760 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. | 6.4 |
2022-06-13 | CVE-2022-2067 | Rosariosis | SQL Injection vulnerability in Rosariosis SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 6.4 |
2022-06-17 | CVE-2021-45026 | Rocketsoftware | Cross-site Scripting vulnerability in Rocketsoftware Ags-Zena 4.2.1 ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2022-06-15 | CVE-2021-40776 | Adobe | Unspecified vulnerability in Adobe Lightroom Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. | 6.1 |
2022-06-14 | CVE-2022-29034 | Siemens | Cross-site Scripting vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 6.1 |
2022-06-13 | CVE-2022-1820 | Androidbubbles | Unspecified vulnerability in Androidbubbles Keep Backup Daily 2.0.2 The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
2022-06-13 | CVE-2022-0626 | Kuroit | Cross-site Scripting vulnerability in Kuroit Advanced Admin Search The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-06-13 | CVE-2022-1707 | Gtm4Wp | Cross-site Scripting vulnerability in Gtm4Wp Google TAG Manager The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15. | 6.1 |
2022-06-13 | CVE-2022-1822 | Zephyr Project Manager Project | Cross-site Scripting vulnerability in Zephyr Project Manager Project Zephyr Project Manager The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. | 6.1 |
2022-06-13 | CVE-2022-1985 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. | 6.1 |
2022-06-15 | CVE-2022-33140 | Apache | OS Command Injection vulnerability in Apache Nifi and Nifi Registry The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. | 6.0 |
2022-06-14 | CVE-2022-27221 | Siemens | Information Exposure Through Discrepancy vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 5.9 |
2022-06-17 | CVE-2022-32444 | Yuba | Open Redirect vulnerability in Yuba U5Cms 8.3.5 An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | 5.8 |
2022-06-16 | CVE-2022-31277 | MI | Authentication Bypass by Capture-replay vulnerability in MI Xiaomi Lamp 1 Firmware 2.0.40066 Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. | 5.8 |
2022-06-13 | CVE-2022-1779 | Auto Delete Posts Project | Cross-Site Request Forgery (CSRF) vulnerability in Auto Delete Posts Project Auto Delete Posts The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. | 5.8 |
2022-06-13 | CVE-2022-1791 | ONE Click Plugin Updater Project | Cross-Site Request Forgery (CSRF) vulnerability in ONE Click Plugin Updater Project ONE Click Plugin Updater The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. | 5.8 |
2022-06-13 | CVE-2022-31040 | Maykinmedia | Open Redirect vulnerability in Maykinmedia Open Forms Open Forms is an application for creating and publishing smart forms. | 5.8 |
2022-06-19 | CVE-2014-125018 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. | 5.5 |
2022-06-19 | CVE-2014-125019 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. | 5.5 |
2022-06-19 | CVE-2014-125021 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0 and classified as problematic. | 5.5 |
2022-06-19 | CVE-2014-125022 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 5.5 |
2022-06-19 | CVE-2014-125023 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 5.5 |
2022-06-19 | CVE-2014-125025 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability classified as problematic has been found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125002 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125003 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0 and classified as problematic. | 5.5 |
2022-06-18 | CVE-2014-125004 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability has been found in FFmpeg 2.0 and classified as problematic. | 5.5 |
2022-06-18 | CVE-2014-125005 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125006 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125007 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability classified as problematic was found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125008 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability classified as problematic has been found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125009 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability classified as problematic has been found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125010 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125012 | Ffmpeg | Incorrect Conversion between Numeric Types vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125013 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0 and classified as problematic. | 5.5 |
2022-06-18 | CVE-2014-125014 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability classified as problematic was found in FFmpeg 2.0. | 5.5 |
2022-06-18 | CVE-2014-125016 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 2.0 A vulnerability was found in FFmpeg 2.0. | 5.5 |
2022-06-16 | CVE-2021-37764 | XOS Shop | Missing Authorization vulnerability in Xos-Shop XOS Shop System 1.0.9 Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php. | 5.5 |
2022-06-16 | CVE-2021-46820 | XOS Shop | Missing Authorization vulnerability in Xos-Shop XOS Shop System 1.0.9 Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php | 5.5 |
2022-06-16 | CVE-2022-2085 | Artifex Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. | 5.5 |
2022-06-15 | CVE-2022-30148 | Microsoft | Information Exposure Through Log Files vulnerability in Microsoft products Windows Desired State Configuration (DSC) Information Disclosure Vulnerability | 5.5 |
2022-06-15 | CVE-2022-30155 | Microsoft | Off-by-one Error vulnerability in Microsoft products Windows Kernel Denial of Service Vulnerability | 5.5 |
2022-06-15 | CVE-2022-30159 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Information Disclosure Vulnerability | 5.5 |
2022-06-15 | CVE-2022-30162 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 5.5 |
2022-06-15 | CVE-2022-30171 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Information Disclosure Vulnerability | 5.5 |
2022-06-15 | CVE-2022-30172 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Information Disclosure Vulnerability | 5.5 |
2022-06-15 | CVE-2022-30184 | Microsoft Fedoraproject | .NET and Visual Studio Information Disclosure Vulnerability | 5.5 |
2022-06-15 | CVE-2022-21166 | XEN Fedoraproject Intel Vmware Debian | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-15 | CVE-2022-21123 | XEN Fedoraproject Intel Vmware Debian | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-15 | CVE-2022-21125 | XEN Fedoraproject Intel Vmware Debian | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-15 | CVE-2022-21127 | XEN Intel Debian | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-06-15 | CVE-2021-41672 | Peel | SQL Injection vulnerability in Peel Shopping 9.4.0 PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. | 5.5 |
2022-06-15 | CVE-2022-20143 | Google | Allocation of Resources Without Limits or Throttling vulnerability in Google Android In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. | 5.5 |
2022-06-15 | CVE-2022-20172 | Google | Missing Authorization vulnerability in Google Android In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. | 5.5 |
2022-06-15 | CVE-2022-20200 | Google | Missing Authorization vulnerability in Google Android 12.1 In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. | 5.5 |
2022-06-15 | CVE-2022-20206 | Google | Missing Authorization vulnerability in Google Android 12.1 In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. | 5.5 |
2022-06-15 | CVE-2022-20129 | Google | Unspecified vulnerability in Google Android In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. | 5.5 |
2022-06-14 | CVE-2022-32239 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-06-14 | CVE-2022-21504 | Oracle | Use After Free vulnerability in Oracle Linux 7/8 The code in UEK6 U3 was missing an appropriate file descriptor count to be missing. | 5.5 |
2022-06-14 | CVE-2021-30339 | Qualcomm | Unspecified vulnerability in Qualcomm products Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 |
2022-06-14 | CVE-2021-30345 | Qualcomm | Unspecified vulnerability in Qualcomm products RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 |
2022-06-14 | CVE-2021-30346 | Qualcomm | Unspecified vulnerability in Qualcomm products RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 |
2022-06-13 | CVE-2022-31751 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The kernel emcom module has multi-thread contention. | 5.5 |
2022-06-13 | CVE-2022-31755 | Huawei | Improper Preservation of Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI The communication module has a vulnerability of improper permission preservation. | 5.5 |
2022-06-13 | CVE-2022-1658 | Artbees | Unspecified vulnerability in Artbees Jupiter 6.10.1 Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. | 5.5 |
2022-06-13 | CVE-2022-26041 | Generex | Path Traversal vulnerability in Generex Rccmd 4.26 Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. | 5.5 |
2022-06-17 | CVE-2022-2113 | Inventree Project | Cross-site Scripting vulnerability in Inventree Project Inventree Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | 5.4 |
2022-06-16 | CVE-2022-31914 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul ZOO Management System 1.0 Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. | 5.4 |
2022-06-15 | CVE-2022-28612 | Custom Popup Builder Project | Unspecified vulnerability in Custom Popup Builder Project Custom Popup Builder Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | 5.4 |
2022-06-14 | CVE-2022-31059 | Discourse | Cross-site Scripting vulnerability in Discourse Calendar 1.0.0 Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. | 5.4 |
2022-06-14 | CVE-2022-26476 | Siemens | Use of Hard-coded Credentials vulnerability in Siemens products A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). | 5.4 |
2022-06-13 | CVE-2022-1208 | Ultimatemember | Unspecified vulnerability in Ultimatemember Ultimate Member The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. | 5.4 |
2022-06-13 | CVE-2022-1656 | Artbees | Unspecified vulnerability in Artbees Jupiter X Core and Jupiterx Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). | 5.4 |
2022-06-13 | CVE-2022-2060 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | 5.4 |
2022-06-13 | CVE-2017-20043 | Vendavo | Cross-site Scripting vulnerability in Vendavo Pricepoint 4.6.0.0 A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. | 5.4 |
2022-06-13 | CVE-2017-20044 | Vendavo | Cross-site Scripting vulnerability in Vendavo Pricepoint 4.6.0.0 A vulnerability was found in Navetti PricePoint 4.6.0.0. | 5.4 |
2022-06-17 | CVE-2022-31876 | Netgear | Unspecified vulnerability in Netgear Wnap320 Firmware 2.0.3 Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. | 5.3 |
2022-06-16 | CVE-2022-33755 | Broadcom | Unspecified vulnerability in Broadcom CA Automic Automation 12.2/12.3 CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | 5.3 |
2022-06-15 | CVE-2022-30154 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability | 5.3 |
2022-06-15 | CVE-2022-20736 | Cisco | Missing Authorization vulnerability in Cisco Appdynamics Controller A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. | 5.3 |
2022-06-14 | CVE-2022-32255 | Siemens | Unspecified vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). | 5.3 |
2022-06-14 | CVE-2021-40633 | Giflib Project | Memory Leak vulnerability in Giflib Project Giflib 5.1.4 A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file. | 5.1 |
2022-06-18 | CVE-2022-33987 | GOT Project | Unspecified vulnerability in GOT Project GOT The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | 5.0 |
2022-06-17 | CVE-2022-21213 | Moutjs | Unspecified vulnerability in Moutjs Mout This affects all versions of package mout. | 5.0 |
2022-06-17 | CVE-2022-22138 | Fast String Search Project | Incorrect Calculation vulnerability in Fast String Search Project Fast String Search All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. | 5.0 |
2022-06-17 | CVE-2022-25345 | Discordjs | Use of Uninitialized Resource vulnerability in Discordjs Opus All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. | 5.0 |
2022-06-17 | CVE-2022-25871 | Querymen Project | Unspecified vulnerability in Querymen Project Querymen All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. | 5.0 |
2022-06-17 | CVE-2022-25872 | Fast String Search Project | Out-of-bounds Read vulnerability in Fast String Search Project Fast String Search All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. | 5.0 |
2022-06-17 | CVE-2021-41490 | Rice | Memory Leak vulnerability in Rice Open Motion Planning Library 1.5.0 Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior. | 5.0 |
2022-06-16 | CVE-2018-18907 | Dlink | Improper Authentication vulnerability in Dlink Dir-850L Firmware An issue was discovered on D-Link DIR-850L 1.21WW devices. | 5.0 |
2022-06-16 | CVE-2022-33739 | Broadcom | XML Injection (aka Blind XPath Injection) vulnerability in Broadcom CA Clarity 15.9.0 CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. | 5.0 |
2022-06-16 | CVE-2022-33756 | Broadcom | Insufficient Entropy vulnerability in Broadcom CA Automic Automation 12.2/12.3 CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | 5.0 |
2022-06-16 | CVE-2020-25459 | Webank | Exposure of Resource to Wrong Sphere vulnerability in Webank Federated AI Technology Enabler An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling. | 5.0 |
2022-06-16 | CVE-2020-28865 | Powerjob | Insufficiently Protected Credentials vulnerability in Powerjob An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | 5.0 |
2022-06-16 | CVE-2022-31295 | Online Discussion Forum Site Project | Authorization Bypass Through User-Controlled Key vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | 5.0 |
2022-06-16 | CVE-2022-27512 | Citrix | Use After Free vulnerability in Citrix Application Delivery Management Temporary disruption of the ADM license service. | 5.0 |
2022-06-16 | CVE-2022-29863 | Opcfoundation | Allocation of Resources Without Limits or Throttling vulnerability in Opcfoundation UA .Net Standard Stack OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. | 5.0 |
2022-06-16 | CVE-2022-29864 | Opcfoundation | Resource Exhaustion vulnerability in Opcfoundation UA .Net Standard Stack OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. | 5.0 |
2022-06-16 | CVE-2022-29866 | Opcfoundation | Resource Exhaustion vulnerability in Opcfoundation UA .Net Standard Stack OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. | 5.0 |
2022-06-16 | CVE-2022-1642 | Apple | Incorrect Type Conversion or Cast vulnerability in Apple Swift A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. | 5.0 |
2022-06-16 | CVE-2022-29862 | Opcfoundation | Infinite Loop vulnerability in Opcfoundation UA .Net Standard Stack An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows remote attackers to cause the application to hang via a crafted message. | 5.0 |
2022-06-16 | CVE-2022-29865 | Opcfoundation | Improper Authentication vulnerability in Opcfoundation UA .Net Standard Stack OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. | 5.0 |
2022-06-16 | CVE-2022-31372 | Wiris | Path Traversal vulnerability in Wiris Mathtype 7.28.0 Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. | 5.0 |
2022-06-16 | CVE-2022-2098 | Kromit | Weak Password Requirements vulnerability in Kromit Titra Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. | 5.0 |
2022-06-15 | CVE-2022-21935 | Johnsoncontrols | Improper Authentication vulnerability in Johnsoncontrols products A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. | 5.0 |
2022-06-15 | CVE-2022-31044 | Pagerduty | Insufficiently Protected Credentials vulnerability in Pagerduty Rundeck 4.2.0/4.2.1 Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 5.0 |
2022-06-15 | CVE-2022-31069 | Finastra Nestjs Proxy Project | Information Exposure vulnerability in multiple products NestJS Proxy is a NestJS module to decorate and proxy calls. | 5.0 |
2022-06-15 | CVE-2022-31070 | Finastra Nestjs Proxy Project | Information Exposure vulnerability in multiple products NestJS Proxy is a NestJS module to decorate and proxy calls. | 5.0 |
2022-06-15 | CVE-2022-32155 | Splunk | Incorrect Permission Assignment for Critical Resource vulnerability in Splunk In universal forwarder versions before 9.0, management services are available remotely by default. | 5.0 |
2022-06-15 | CVE-2022-32157 | Splunk | Missing Authentication for Critical Function vulnerability in Splunk Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. | 5.0 |
2022-06-15 | CVE-2022-20149 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-211685939. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20151 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-210712565. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20169 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-211162353. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20175 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-209252491. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20177 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-209906686. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20179 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-211683760. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20184 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-209153114. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20188 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-207254598. References: N/A | 5.0 |
2022-06-15 | CVE-2022-20209 | Google | Out-of-bounds Write vulnerability in Google Android 12.1 In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. | 5.0 |
2022-06-14 | CVE-2022-31060 | Discourse | Unspecified vulnerability in Discourse Discourse is an open-source discussion platform. | 5.0 |
2022-06-14 | CVE-2022-29614 | SAP | Improper Privilege Management vulnerability in SAP Host Agent and Netweaver Abap SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | 5.0 |
2022-06-14 | CVE-2022-31845 | Wavlink | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
2022-06-14 | CVE-2022-31846 | Wavlink | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927 A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 5.0 |
2022-06-14 | CVE-2022-31273 | 17Ido | Improper Restriction of Excessive Authentication Attempts vulnerability in 17Ido Topidp3000 Topsec Operating System Tos3.3.005.665B.15Smpidp An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. | 5.0 |
2022-06-14 | CVE-2022-30229 | Siemens | Improper Authentication vulnerability in Siemens Sicam Gridedge Essential A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). | 5.0 |
2022-06-14 | CVE-2022-29509 | Tandd | Path Traversal vulnerability in Tandd T&D Server and Thermo Recorder Data Server Firmware Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. | 5.0 |
2022-06-14 | CVE-2022-31447 | Magicpin | XXE vulnerability in Magicpin 3.4 An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. | 5.0 |
2022-06-13 | CVE-2022-32192 | Couchbase | Information Exposure vulnerability in Couchbase Server Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 5.0 |
2022-06-13 | CVE-2022-32565 | Couchbase | Information Exposure Through Log Files vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 5.0 |
2022-06-13 | CVE-2022-32558 | Couchbase | Unspecified vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 5.0 |
2022-06-13 | CVE-2022-32564 | Couchbase | Unspecified vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 7.0.4. | 5.0 |
2022-06-13 | CVE-2022-33174 | Powertekpdus | Incorrect Authorization vulnerability in Powertekpdus products Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. | 5.0 |
2022-06-13 | CVE-2021-46811 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI HwSEServiceAPP has a vulnerability in permission management. | 5.0 |
2022-06-13 | CVE-2021-46812 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The Device Manager has a vulnerability in multi-device interaction. | 5.0 |
2022-06-13 | CVE-2021-46813 | Huawei | Improper Cross-boundary Removal of Sensitive Data vulnerability in Huawei Emui and Magic UI Vulnerability of residual files not being deleted after an update in the ChinaDRM module. | 5.0 |
2022-06-13 | CVE-2022-31753 | Huawei | Use of Externally-Controlled Format String vulnerability in Huawei Emui, Harmonyos and Magic UI The voice wakeup module has a vulnerability of using externally-controlled format strings. | 5.0 |
2022-06-13 | CVE-2022-31754 | Huawei | Unspecified vulnerability in Huawei Emui and Magic UI Logical defects in code implementation in some products. | 5.0 |
2022-06-13 | CVE-2022-31757 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The setting module has a vulnerability of improper use of APIs. | 5.0 |
2022-06-13 | CVE-2022-31761 | Huawei | Unspecified vulnerability in Huawei Emui and Magic UI Configuration defects in the secure OS module. | 5.0 |
2022-06-13 | CVE-2022-1595 | HC Custom WP Admin URL Project | Information Exposure vulnerability in HC Custom Wp-Admin URL Project HC Custom Wp-Admin URL 1.4 The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request | 5.0 |
2022-06-13 | CVE-2022-32739 | Otrs | Unspecified vulnerability in Otrs Calendar Resource Planning and Otrs When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | 5.0 |
2022-06-13 | CVE-2022-32741 | Otrs | Unspecified vulnerability in Otrs Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. | 5.0 |
2022-06-13 | CVE-2022-29525 | Rakuten | Use of Hard-coded Credentials vulnerability in Rakuten Casa Apfv141/Apfv200 Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. | 5.0 |
2022-06-15 | CVE-2022-21180 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. | 4.9 |
2022-06-15 | CVE-2022-20159 | Google | Out-of-bounds Read vulnerability in Google Android In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. | 4.9 |
2022-06-15 | CVE-2022-20162 | Google | Out-of-bounds Read vulnerability in Google Android In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. | 4.9 |
2022-06-15 | CVE-2022-20165 | Google | Out-of-bounds Read vulnerability in Google Android In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. | 4.9 |
2022-06-15 | CVE-2022-20132 | Google | Out-of-bounds Read vulnerability in Google Android In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. | 4.9 |
2022-06-14 | CVE-2021-30338 | Qualcomm | Improper Input Validation vulnerability in Qualcomm Sd850 Firmware and Sdxr1 Firmware Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute | 4.9 |
2022-06-14 | CVE-2021-35070 | Qualcomm | Information Exposure vulnerability in Qualcomm products RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile | 4.9 |
2022-06-14 | CVE-2021-35080 | Qualcomm | Information Exposure vulnerability in Qualcomm products Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 4.9 |
2022-06-14 | CVE-2021-35101 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile | 4.9 |
2022-06-13 | CVE-2022-31763 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The kernel module has the null pointer and out-of-bounds array vulnerabilities. | 4.9 |
2022-06-16 | CVE-2021-36827 | Ninjaforms | Cross-site Scripting vulnerability in Ninjaforms Ninja Forms Auth. | 4.8 |
2022-06-16 | CVE-2021-41421 | Maianmedia | Unrestricted Upload of File with Dangerous Type vulnerability in Maianmedia Maianaffiliate 1.0 A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | 4.8 |
2022-06-15 | CVE-2022-32550 | 1Password | Unspecified vulnerability in 1Password products An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. | 4.8 |
2022-06-14 | CVE-2022-30903 | Nokia | Cross-site Scripting vulnerability in Nokia G-2425G-A Firmware 3Fe49362Ijhk42 Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | 4.8 |
2022-06-14 | CVE-2021-40658 | Textpattern | Cross-site Scripting vulnerability in Textpattern 4.8.7 Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”. | 4.8 |
2022-06-13 | CVE-2022-1750 | Sticky Popup Project | Cross-site Scripting vulnerability in Sticky Popup Project Sticky Popup 1.2 The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. | 4.8 |
2022-06-13 | CVE-2022-1961 | Gtm4Wp | Cross-site Scripting vulnerability in Gtm4Wp Google TAG Manager The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. | 4.8 |
2022-06-15 | CVE-2021-39806 | Google | Double Free vulnerability in Google Android 12.1 In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. | 4.6 |
2022-06-15 | CVE-2022-20152 | Google | Out-of-bounds Write vulnerability in Google Android In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. | 4.6 |
2022-06-15 | CVE-2022-20166 | Google | Out-of-bounds Write vulnerability in Google Android In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. | 4.6 |
2022-06-15 | CVE-2022-20178 | Google | Integer Overflow or Wraparound vulnerability in Google Android In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. | 4.6 |
2022-06-15 | CVE-2022-20183 | Google | Out-of-bounds Write vulnerability in Google Android In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. | 4.6 |
2022-06-15 | CVE-2022-20185 | Google | Use After Free vulnerability in Google Android In TBD of TBD, there is a possible use after free bug. | 4.6 |
2022-06-15 | CVE-2022-20192 | Google | Unspecified vulnerability in Google Android 12.1 In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. | 4.6 |
2022-06-15 | CVE-2022-20194 | Google | Unspecified vulnerability in Google Android 12.1 In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. | 4.6 |
2022-06-15 | CVE-2022-20197 | Google | Unspecified vulnerability in Google Android 12.1 In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. | 4.6 |
2022-06-15 | CVE-2022-20207 | Google | Unspecified vulnerability in Google Android 12.1 In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. | 4.6 |
2022-06-14 | CVE-2021-35098 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 4.6 |
2022-06-14 | CVE-2021-35118 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 4.6 |
2022-06-14 | CVE-2021-35121 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 4.6 |
2022-06-17 | CVE-2022-33915 | Amazon | Race Condition vulnerability in Amazon Hotpatch 1.112/1.116 Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. | 4.4 |
2022-06-16 | CVE-2017-20051 | Jrsoftware | Uncontrolled Search Path Element vulnerability in Jrsoftware Inno Setup A vulnerability was found in InnoSetup Installer. | 4.4 |
2022-06-15 | CVE-2022-20154 | Google | Race Condition vulnerability in Google Android In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. | 4.4 |
2022-06-15 | CVE-2022-20176 | Google | Use of Uninitialized Resource vulnerability in Google Android In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. | 4.4 |
2022-06-15 | CVE-2022-20182 | Google | Missing Authorization vulnerability in Google Android In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. | 4.4 |
2022-06-15 | CVE-2022-20193 | Google | Unspecified vulnerability in Google Android 12.1 In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. | 4.4 |
2022-06-18 | CVE-2021-46822 | Libjpeg Turbo | Out-of-bounds Write vulnerability in Libjpeg-Turbo The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. | 4.3 |
2022-06-17 | CVE-2022-31873 | Trendnet | Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.68 Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | 4.3 |
2022-06-17 | CVE-2022-31875 | Trendnet | Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.68 Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi | 4.3 |
2022-06-17 | CVE-2022-21184 | Atvise | Insufficiently Protected Credentials vulnerability in Atvise 3.5.4/3.6/3.7 An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. | 4.3 |
2022-06-17 | CVE-2022-32442 | Yuba | Cross-site Scripting vulnerability in Yuba U5Cms 8.3.5 u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). | 4.3 |
2022-06-17 | CVE-2022-31246 | Electrum | Argument Injection or Modification vulnerability in Electrum paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). | 4.3 |
2022-06-16 | CVE-2022-30327 | Trendnet | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356 An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. | 4.3 |
2022-06-16 | CVE-2022-30328 | Trendnet | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356 An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. | 4.3 |
2022-06-16 | CVE-2022-31299 | Angtech | Cross-site Scripting vulnerability in Angtech Haraj 3.7 Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | 4.3 |
2022-06-16 | CVE-2022-31294 | Online Discussion Forum Site Project | Cross-Site Request Forgery (CSRF) vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | 4.3 |
2022-06-16 | CVE-2017-20053 | Xyzscripts | Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Contact Form Manager A vulnerability was found in XYZScripts Contact Form Manager Plugin. | 4.3 |
2022-06-16 | CVE-2021-41458 | Gpac | Out-of-bounds Write vulnerability in Gpac Mp4Box 1.1.0 In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | 4.3 |
2022-06-15 | CVE-2022-28749 | Zoom | Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526 Zoom's On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. | 4.3 |
2022-06-15 | CVE-2022-30666 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2022-06-15 | CVE-2022-30667 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2022-06-15 | CVE-2022-30668 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2022-06-15 | CVE-2022-30669 | Adobe | Out-of-bounds Read vulnerability in Adobe Illustrator Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2022-06-15 | CVE-2021-36891 | Supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Photo Gallery Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | 4.3 |
2022-06-15 | CVE-2021-41415 | Subscription Manager Project | Cross-site Scripting vulnerability in Subscription-Manager Project Subscription-Manager 1.0 Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | 4.3 |
2022-06-15 | CVE-2022-28850 | Adobe | Out-of-bounds Read vulnerability in Adobe Bridge Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 4.3 |
2022-06-15 | CVE-2021-40910 | Phpcms | Cross-site Scripting vulnerability in PHPcms 9.6.3 There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | 4.3 |
2022-06-15 | CVE-2022-29439 | Nextcode | Cross-Site Request Forgery (CSRF) vulnerability in Nextcode Image Slider BY Nextcode Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | 4.3 |
2022-06-15 | CVE-2022-29441 | Private Messages Project | Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Project Private Messages Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | 4.3 |
2022-06-15 | CVE-2022-29453 | Ayecode | Cross-Site Request Forgery (CSRF) vulnerability in Ayecode API KEY for Google Maps Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | 4.3 |
2022-06-15 | CVE-2021-36901 | Asylumdigital | Cross-site Scripting vulnerability in Asylumdigital AGE Gate Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | 4.3 |
2022-06-15 | CVE-2022-20202 | Google | Out-of-bounds Write vulnerability in Google Android 12.1 In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. | 4.3 |
2022-06-14 | CVE-2022-32240 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-32241 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-32242 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-32243 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-32236 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-32237 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-32238 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-29618 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Development Infrastructure Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. | 4.3 |
2022-06-14 | CVE-2022-32235 | SAP | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
2022-06-14 | CVE-2022-29612 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Host Agent and Netweaver Abap SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. | 4.3 |
2022-06-14 | CVE-2022-30930 | Phpgurukul | Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Tourism Management System 3.2 Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). | 4.3 |
2022-06-14 | CVE-2022-31403 | Combodo | Cross-site Scripting vulnerability in Combodo Itop 3.0.1 ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. | 4.3 |
2022-06-14 | CVE-2021-37182 | Siemens | Improper Validation of Integrity Check Value vulnerability in Siemens products A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). | 4.3 |
2022-06-14 | CVE-2021-40650 | Softwareag | Missing Encryption of Sensitive Data vulnerability in Softwareag Connx 6.2.0.1269 In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. | 4.3 |
2022-06-14 | CVE-2022-27219 | Siemens | Improper Restriction of Rendered UI Layers or Frames vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). | 4.3 |
2022-06-14 | CVE-2022-27220 | Siemens | Improper Restriction of Rendered UI Layers or Frames vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). | 4.3 |
2022-06-14 | CVE-2022-30228 | Siemens | Origin Validation Error vulnerability in Siemens Sicam Gridedge Essential A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). | 4.3 |
2022-06-14 | CVE-2022-32145 | Siemens | Cross-site Scripting vulnerability in Siemens Teamcenter Active Workspace 5.2/5.2.3 A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). | 4.3 |
2022-06-14 | CVE-2022-32285 | Mendix | XXE vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). | 4.3 |
2022-06-14 | CVE-2022-32286 | Mendix | Cross-site Scripting vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). | 4.3 |
2022-06-14 | CVE-2022-29482 | Dena | Improper Certificate Validation vulnerability in Dena Mobaoku-Auction & Flea Market 'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 4.3 |
2022-06-14 | CVE-2022-29485 | SS Proj | Cross-site Scripting vulnerability in Ss-Proj Shirasagi Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 4.3 |
2022-06-13 | CVE-2021-41663 | 1234N | Cross-site Scripting vulnerability in 1234N Minicms 1.11 A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. | 4.3 |
2022-06-13 | CVE-2022-29455 | Elementor | Cross-site Scripting vulnerability in Elementor Website Builder DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | 4.3 |
2022-06-13 | CVE-2022-1532 | Themify | Cross-site Scripting vulnerability in Themify Woocommerce Product Filter Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | 4.3 |
2022-06-13 | CVE-2022-1594 | HC Custom WP Admin URL Project | Cross-Site Request Forgery (CSRF) vulnerability in HC Custom Wp-Admin URL Project HC Custom Wp-Admin URL 1.4 The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL | 4.3 |
2022-06-13 | CVE-2022-1604 | Mailerlite | Cross-site Scripting vulnerability in Mailerlite Signup Forms The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 4.3 |
2022-06-13 | CVE-2022-1605 | Email Users Project | Cross-Site Request Forgery (CSRF) vulnerability in Email Users Project Email Users 4.8.8 The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users | 4.3 |
2022-06-13 | CVE-2022-1608 | Byonepress | Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |
2022-06-13 | CVE-2022-1612 | Webriti | Cross-Site Request Forgery (CSRF) vulnerability in Webriti Smtp Mail 1.0 The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |
2022-06-13 | CVE-2022-1624 | Latest Tweets Widget Project | Cross-Site Request Forgery (CSRF) vulnerability in Latest Tweets Widget Project Latest Tweets Widget 1.1.4 The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |
2022-06-13 | CVE-2022-1694 | Useful Banner Manager Project | Cross-Site Request Forgery (CSRF) vulnerability in Useful Banner Manager Project Useful Banner Manager 1.6.1 The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. | 4.3 |
2022-06-13 | CVE-2022-1724 | Simple Membership Plugin | Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting | 4.3 |
2022-06-13 | CVE-2022-1756 | Thenewsletterplugin | Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. | 4.3 |
2022-06-13 | CVE-2022-1773 | WP Athletics Project | Cross-site Scripting vulnerability in WP Athletics Project WP Athletics The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting | 4.3 |
2022-06-13 | CVE-2022-1788 | Change Uploaded File Permissions Project | Cross-Site Request Forgery (CSRF) vulnerability in Change Uploaded File Permissions Project Change Uploaded File Permissions Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. | 4.3 |
2022-06-13 | CVE-2022-1790 | NEW User Email SET UP Project | Cross-Site Request Forgery (CSRF) vulnerability in NEW User Email SET UP Project NEW User Email SET UP The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |
2022-06-13 | CVE-2022-1793 | Private Files Project | Cross-Site Request Forgery (CSRF) vulnerability in Private Files Project Private Files 0.40 The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public | 4.3 |
2022-06-13 | CVE-2022-2066 | Facturascripts | Cross-site Scripting vulnerability in Facturascripts Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. | 4.3 |
2022-06-13 | CVE-2022-32740 | Otrs | Unspecified vulnerability in Otrs A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. | 4.3 |
2022-06-13 | CVE-2017-20041 | Ucweb | Improper Restriction of Rendered UI Layers or Frames vulnerability in Ucweb UC Browser 11.2.5.932 A vulnerability was found in Ucweb UC Browser 11.2.5.932. | 4.3 |
2022-06-13 | CVE-2022-27174 | Easy Blog Project | Cross-Site Request Forgery (CSRF) vulnerability in Easy Blog Project Easy Blog Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. | 4.3 |
2022-06-13 | CVE-2022-27231 | Veronalabs | Cross-site Scripting vulnerability in Veronalabs WP Statistics Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. | 4.3 |
2022-06-13 | CVE-2022-2013 | Octopus | Unspecified vulnerability in Octopus Deploy In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | 4.3 |
2022-06-17 | CVE-2022-21503 | Oracle | Unspecified vulnerability in Oracle Cloud Infrastructure Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. | 4.0 |
2022-06-15 | CVE-2022-24436 | Intel | Information Exposure Through Discrepancy vulnerability in Intel * Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. | 4.0 |
2022-06-15 | CVE-2022-23823 | AMD | Information Exposure Through Discrepancy vulnerability in AMD products A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. | 4.0 |
2022-06-15 | CVE-2022-32154 | Splunk | Command Injection vulnerability in Splunk Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. | 4.0 |
2022-06-14 | CVE-2022-31046 | Typo3 | Cleartext Transmission of Sensitive Information vulnerability in Typo3 TYPO3 is an open source web content management system. | 4.0 |
2022-06-14 | CVE-2022-29238 | Jupyter | Forced Browsing vulnerability in Jupyter Notebook Jupyter Notebook is a web-based notebook environment for interactive computing. | 4.0 |
2022-06-14 | CVE-2022-30231 | Siemens | Insufficiently Protected Credentials vulnerability in Siemens Sicam Gridedge Essential A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). | 4.0 |
2022-06-14 | CVE-2022-31415 | Online Fire Reporting System Project | SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. | 4.0 |
2022-06-13 | CVE-2022-0745 | Likebtn | Missing Authorization vulnerability in Likebtn Like Button Rating The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body | 4.0 |
2022-06-13 | CVE-2022-31041 | Maykinmedia | Unrestricted Upload of File with Dangerous Type vulnerability in Maykinmedia Open Forms Open Forms is an application for creating and publishing smart forms. | 4.0 |
78 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-06-14 | CVE-2022-31066 | Edgexfoundry | Unspecified vulnerability in Edgexfoundry Edgex Foundry EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. | 3.6 |
2022-06-14 | CVE-2022-29615 | SAP | Deserialization of Untrusted Data vulnerability in SAP Netweaver Developer Studio 7.50 SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. | 3.6 |
2022-06-14 | CVE-2021-35084 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 3.6 |
2022-06-14 | CVE-2021-35085 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 3.6 |
2022-06-16 | CVE-2022-30326 | Trendnet | Cross-site Scripting vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356 An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. | 3.5 |
2022-06-16 | CVE-2021-33295 | Joplin Project | Cross-site Scripting vulnerability in Joplin Project Joplin Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML. | 3.5 |
2022-06-16 | CVE-2021-36608 | Webtareas Project | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | 3.5 |
2022-06-16 | CVE-2021-36609 | Webtareas Project | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | 3.5 |
2022-06-16 | CVE-2022-31301 | Angtech | Cross-site Scripting vulnerability in Angtech Haraj 3.7 Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | 3.5 |
2022-06-16 | CVE-2021-41420 | Maianmedia | Cross-site Scripting vulnerability in Maianmedia Maianaffiliate 1.0 A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | 3.5 |
2022-06-16 | CVE-2022-31298 | Angtech | Cross-site Scripting vulnerability in Angtech Haraj 3.7 A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 3.5 |
2022-06-16 | CVE-2022-31300 | Angtech | Cross-site Scripting vulnerability in Angtech Haraj 3.7 A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 3.5 |
2022-06-16 | CVE-2022-31906 | Online Fire Reporting System Project | Cross-site Scripting vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0 Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. | 3.5 |
2022-06-16 | CVE-2022-31910 | Online Tutor Portal Site Project | Cross-site Scripting vulnerability in Online Tutor Portal Site Project Online Tutor Portal Site 1.0 Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS). | 3.5 |
2022-06-16 | CVE-2022-31913 | Online Discussion Forum Site Project | Cross-site Scripting vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | 3.5 |
2022-06-16 | CVE-2017-20054 | Xyzscripts | Cross-site Scripting vulnerability in Xyzscripts Contact Form Manager A vulnerability was found in XYZScripts Contact Form Manager Plugin. | 3.5 |
2022-06-16 | CVE-2017-20055 | Bestwebsoft | Cross-site Scripting vulnerability in Bestwebsoft Contact Form 4.0.0 A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. | 3.5 |
2022-06-16 | CVE-2017-20056 | Intechnosoftware | Cross-site Scripting vulnerability in Intechnosoftware User Login LOG 2.2.1 A vulnerability was found in weblizar User Login Log Plugin 2.2.1. | 3.5 |
2022-06-16 | CVE-2022-30533 | Webnus | Cross-site Scripting vulnerability in Webnus Modern Events Calendar Lite Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 3.5 |
2022-06-15 | CVE-2022-21938 | Johnsoncontrols | Cross-site Scripting vulnerability in Johnsoncontrols products Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface. | 3.5 |
2022-06-15 | CVE-2022-29452 | Atlasgondal | Cross-site Scripting vulnerability in Atlasgondal Export ALL Urls Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | 3.5 |
2022-06-15 | CVE-2022-32280 | Xakuro | Cross-site Scripting vulnerability in Xakuro XO Slider Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. | 3.5 |
2022-06-15 | CVE-2022-24004 | Vanderbilt | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. | 3.5 |
2022-06-15 | CVE-2022-24127 | Vanderbilt | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. | 3.5 |
2022-06-15 | CVE-2022-29443 | Nicdark | Cross-site Scripting vulnerability in Nicdark Hotel Booking Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | 3.5 |
2022-06-15 | CVE-2022-29438 | Nextcode | Cross-site Scripting vulnerability in Nextcode Image Slider BY Nextcode Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 3.5 |
2022-06-15 | CVE-2022-29440 | Promotion Slider Project | Cross-site Scripting vulnerability in Promotion Slider Project Promotion Slider Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | 3.5 |
2022-06-15 | CVE-2022-29442 | Private Messages Project | Cross-site Scripting vulnerability in Private Messages Project Private Messages Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | 3.5 |
2022-06-15 | CVE-2022-27859 | Nicdark | Cross-site Scripting vulnerability in Nicdark Nd-Travel Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. | 3.5 |
2022-06-15 | CVE-2022-29406 | Dynamicweblab | Cross-site Scripting vulnerability in Dynamicweblab Wp-Team-Manager Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | 3.5 |
2022-06-15 | CVE-2022-2087 | Bank Management System Project | Cross-site Scripting vulnerability in Bank Management System Project Bank Management System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. | 3.5 |
2022-06-14 | CVE-2022-31048 | Typo3 | Cross-site Scripting vulnerability in Typo3 TYPO3 is an open source web content management system. | 3.5 |
2022-06-14 | CVE-2022-31049 | Typo3 | Cross-site Scripting vulnerability in Typo3 TYPO3 is an open source web content management system. | 3.5 |
2022-06-14 | CVE-2022-32561 | Couchbase | Unspecified vulnerability in Couchbase Server An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. | 3.5 |
2022-06-14 | CVE-2021-40678 | Piwigo | Cross-site Scripting vulnerability in Piwigo 11.5.0 In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | 3.5 |
2022-06-14 | CVE-2022-2079 | Xgenecloud | Cross-site Scripting vulnerability in Xgenecloud Nocodb Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. | 3.5 |
2022-06-13 | CVE-2022-32193 | Couchbase | Information Exposure Through Log Files vulnerability in Couchbase Server Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 3.5 |
2022-06-13 | CVE-2022-0209 | Facebook Wall AND Social Integration Project | Cross-site Scripting vulnerability in Facebook-Wall-And-Social-Integration Project Facebook-Wall-And-Social-Integration 1.10 The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 3.5 |
2022-06-13 | CVE-2021-40902 | Flatcore | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.8 flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. | 3.5 |
2022-06-13 | CVE-2022-1335 | Ceikay | Cross-site Scripting vulnerability in Ceikay Slideshow CK 1.4.10 The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 3.5 |
2022-06-13 | CVE-2022-1336 | Ceikay | Cross-site Scripting vulnerability in Ceikay Carousel CK 1.1.0 The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | 3.5 |
2022-06-13 | CVE-2022-1549 | WP Athletics Project | Cross-site Scripting vulnerability in WP Athletics Project WP Athletics The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. | 3.5 |
2022-06-13 | CVE-2022-1710 | Dwbooster | Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | 3.5 |
2022-06-13 | CVE-2022-1759 | RB Internal Links Project | Cross-Site Request Forgery (CSRF) vulnerability in RB Internal Links Project RB Internal Links The RB Internal Links WordPress plugin through 2.0.16 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping | 3.5 |
2022-06-13 | CVE-2022-1763 | Static Page Extended Project | Cross-Site Request Forgery (CSRF) vulnerability in Static Page Extended Project Static Page Extended Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. | 3.5 |
2022-06-13 | CVE-2022-1764 | WP Chgfontsize Project | Cross-Site Request Forgery (CSRF) vulnerability in Wp-Chgfontsize Project Wp-Chgfontsize The WP-chgFontSize WordPress plugin through 1.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 3.5 |
2022-06-13 | CVE-2022-1780 | Latex Project | Cross-Site Request Forgery (CSRF) vulnerability in Latex Project Latex 3.4.10 The LaTeX for WordPress plugin through 3.4.10 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 3.5 |
2022-06-13 | CVE-2022-1781 | Posttabs Project | Cross-Site Request Forgery (CSRF) vulnerability in Posttabs Project Posttabs The postTabs WordPress plugin through 2.10.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 3.5 |
2022-06-13 | CVE-2022-1787 | Sideblog Project | Cross-Site Request Forgery (CSRF) vulnerability in Sideblog Project Sideblog The Sideblog WordPress plugin through 6.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 3.5 |
2022-06-13 | CVE-2022-1792 | Quick Subscribe Project | Cross-Site Request Forgery (CSRF) vulnerability in Quick Subscribe Project Quick Subscribe The Quick Subscribe WordPress plugin through 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping in some of them | 3.5 |
2022-06-13 | CVE-2022-1814 | WP Admin Style Project | Cross-site Scripting vulnerability in WP Admin Style Project WP Admin Style 0.1.2 The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 3.5 |
2022-06-13 | CVE-2022-2065 | Facturascripts | Cross-site Scripting vulnerability in Facturascripts Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. | 3.5 |
2022-06-13 | CVE-2022-31398 | Helpdeskz | Cross-site Scripting vulnerability in Helpdeskz 2.0.2 A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | 3.5 |
2022-06-13 | CVE-2022-31400 | Helpdeskz | Cross-site Scripting vulnerability in Helpdeskz 2.0.2 A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | 3.5 |
2022-06-13 | CVE-2022-29894 | Strapi | Cross-site Scripting vulnerability in Strapi Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. | 3.5 |
2022-06-18 | CVE-2022-33981 | Linux Debian | Use After Free vulnerability in multiple products drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | 3.3 |
2022-06-16 | CVE-2022-30325 | Trendnet | Weak Password Requirements vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356 An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. | 3.3 |
2022-06-15 | CVE-2022-31071 | Octopoller Project | Incorrect Default Permissions vulnerability in Octopoller Project Octopoller 0.2.0 Octopoller is a micro gem for polling and retrying. | 2.1 |
2022-06-15 | CVE-2022-31072 | Octokit Project | Incorrect Default Permissions vulnerability in Octokit Project Octokit 4.23.0/4.24.0 Octokit is a Ruby toolkit for the GitHub API. | 2.1 |
2022-06-15 | CVE-2022-21937 | Johnsoncontrols | Cross-site Scripting vulnerability in Johnsoncontrols products Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | 2.1 |
2022-06-15 | CVE-2022-1342 | Devolutions | Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. | 2.1 |
2022-06-15 | CVE-2022-22444 | IBM | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. | 2.1 |
2022-06-15 | CVE-2022-20146 | Google | Unspecified vulnerability in Google Android In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. | 2.1 |
2022-06-15 | CVE-2022-20174 | Google | Out-of-bounds Read vulnerability in Google Android In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. | 2.1 |
2022-06-15 | CVE-2022-20198 | Google | Out-of-bounds Read vulnerability in Google Android 12.1 In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. | 2.1 |
2022-06-15 | CVE-2022-20205 | Google | Improper Input Validation vulnerability in Google Android 12.1 In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. | 2.1 |
2022-06-15 | CVE-2022-20208 | Google | Out-of-bounds Read vulnerability in Google Android 12.1 In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. | 2.1 |
2022-06-14 | CVE-2021-35071 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2.1 |
2022-06-14 | CVE-2021-35079 | Qualcomm | Improper Preservation of Permissions vulnerability in Qualcomm products Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2.1 |
2022-06-14 | CVE-2021-35119 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2.1 |
2022-06-13 | CVE-2022-31752 | Huawei | Missing Authorization vulnerability in Huawei Emui and Magic UI Missing authorization vulnerability in the system components. | 2.1 |
2022-06-13 | CVE-2022-31756 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The fingerprint sensor module has design defects. | 2.1 |
2022-06-13 | CVE-2022-31759 | Huawei | Access of Uninitialized Pointer vulnerability in Huawei Emui, Harmonyos and Magic UI AppLink has a vulnerability of accessing uninitialized pointers. | 2.1 |
2022-06-13 | CVE-2022-1772 | Google Places Reviews Project | Cross-site Scripting vulnerability in Google Places Reviews Project Google Places Reviews The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. | 2.1 |
2022-06-13 | CVE-2022-2061 | Chafa Project | Out-of-bounds Write vulnerability in Chafa Project Chafa Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. | 2.1 |
2022-06-15 | CVE-2022-20195 | Google | Deserialization of Untrusted Data vulnerability in Google Android 12.1 In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. | 1.9 |
2022-06-15 | CVE-2022-20196 | Google | Unspecified vulnerability in Google Android 12.1 In gallery3d and photos, there is a possible permission bypass due to a confused deputy. | 1.9 |
2022-06-13 | CVE-2022-31758 | Huawei | Race Condition vulnerability in Huawei Emui, Harmonyos and Magic UI The kernel module has the race condition vulnerability. | 1.9 |