CVE List - 2022 / April

Showing 1601 - 1700 of 2039 CVEs for April 2022 (Page 17 of 21)

CVE ID Date Title
CVE-2022-0272 2022-04-21 Improper Restriction of XML External Entity Reference in detekt/detekt
CVE-2021-41161 2022-04-21 XSS in csvimport in 3.0.0-beta versions
CVE-2022-22435 2022-04-21 IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...
CVE-2022-22436 2022-04-21 IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...
CVE-2022-24870 2022-04-21 Stored Cross-site Scripting in Combodo iTop
CVE-2021-41162 2022-04-21 Cross-site Scripting in Combodo iTop
CVE-2022-24867 2022-04-21 LDAP password exposure in glpi
CVE-2022-24868 2022-04-21 Cross site scripting via SVG file upload in GLPI
CVE-2022-24869 2022-04-21 Cross Site Scripting in GLPI
CVE-2022-24875 2022-04-21 Potential Secrets being logged to disk in CVEProject/cve-services
CVE-2020-14116 2022-04-21 An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser not verifying the validity of the incoming data. Attackers can perform sensitive...
CVE-2020-14121 2022-04-21 A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to...
CVE-2020-14122 2022-04-21 Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information...
CVE-2020-14120 2022-04-21 Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a third-party application to pass in parameters, and attackers...
CVE-2020-14118 2022-04-21 An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store not verifying the validity of the incoming data, can cause...
CVE-2020-14117 2022-04-21 An improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can...
CVE-2022-28820 2022-04-21 Adobe Consulting Services Reflected Cross-Site Scripting Arbitrary Code Execution
CVE-2022-28743 2022-04-21 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to...
CVE-2021-43708 2022-04-21 The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.
CVE-2021-23055 2022-04-21 On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions...
CVE-2022-22969 2022-04-21 Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an...
CVE-2021-35229 2022-04-21 Cross-Site Scripting Vulnerability using SQL Query
CVE-2022-23711 2022-04-21 A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Elastic Stack monitoring features provide a way to keep a pulse on...
CVE-2022-29566 2022-04-21 The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of...
CVE-2022-20778 2022-04-21 Cisco Webex Meetings Cross-Site Scripting Vulnerability
CVE-2022-20783 2022-04-21 Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability
CVE-2022-20786 2022-04-21 Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
CVE-2022-20787 2022-04-21 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
CVE-2022-20788 2022-04-21 Cisco Unified Communications Products Cross-Site Scripting Vulnerability
CVE-2022-20789 2022-04-21 Cisco Unified Communications Products Arbitrary File Write Vulnerability
CVE-2022-20790 2022-04-21 Cisco Unified Communications Products Arbitrary File Read Vulnerability
CVE-2022-20795 2022-04-21 Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability
CVE-2022-20804 2022-04-21 Cisco Unified Communications Products Denial of Service Vulnerability
CVE-2022-20805 2022-04-21 Cisco Umbrella Secure Web Gateway File Decryption Bypass Vulnerability
CVE-2022-20732 2022-04-21 Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability
CVE-2022-20773 2022-04-21 Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability
CVE-2022-28443 2022-04-21 UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.
CVE-2022-28444 2022-04-21 UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.
CVE-2022-28445 2022-04-21 KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
CVE-2022-28439 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&action=delete&userid=4.
CVE-2022-28440 2022-04-21 An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28438 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=.
CVE-2022-28436 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Hide&userid=.
CVE-2022-28437 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.
CVE-2022-28435 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1.
CVE-2022-28433 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
CVE-2022-28434 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2.
CVE-2022-28431 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
CVE-2022-28432 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.
CVE-2022-28429 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.
CVE-2022-28427 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.
CVE-2022-28425 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.
CVE-2022-28424 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.
CVE-2022-28422 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit.
CVE-2022-28423 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
CVE-2022-28421 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=.
CVE-2022-28420 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
CVE-2022-28426 2022-04-21 Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=.
CVE-2022-28417 2022-04-21 Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.
CVE-2022-28415 2022-04-21 Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_collection.
CVE-2022-28416 2022-04-21 Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_phase.
CVE-2022-28413 2022-04-21 Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_enrollment.
CVE-2022-28414 2022-04-21 Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member.
CVE-2022-28412 2022-04-21 Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_package.
CVE-2022-28411 2022-04-21 Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent.
CVE-2022-28410 2022-04-21 Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent.
CVE-2022-28029 2022-04-21 Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type.
CVE-2022-28030 2022-04-21 Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate.
CVE-2022-28028 2022-04-21 Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity.
CVE-2022-28026 2022-04-21 Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.
CVE-2022-28024 2022-04-21 Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.
CVE-2022-28025 2022-04-21 Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.
CVE-2022-28023 2022-04-21 Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
CVE-2022-28020 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_edit.php.
CVE-2022-28021 2022-04-21 Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user.
CVE-2022-28022 2022-04-21 Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
CVE-2022-28019 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_edit.php.
CVE-2022-28017 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtime_edit.php.
CVE-2022-28018 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_edit.php.
CVE-2022-28016 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\deduction_edit.php.
CVE-2022-28014 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_edit.php.
CVE-2022-28015 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_edit.php.
CVE-2022-28013 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_employee_edit.php.
CVE-2022-28012 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_delete.php.
CVE-2022-28011 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_delete.php.
CVE-2022-28009 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_delete.php.
CVE-2022-28010 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtime_delete.php.
CVE-2022-28007 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_delete.php.
CVE-2022-28008 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_delete.php.
CVE-2022-27478 2022-04-21 Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin.
CVE-2022-28006 2022-04-21 Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php.
CVE-2022-22558 2022-04-21 Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this...
CVE-2022-24423 2022-04-21 Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in...
CVE-2022-24424 2022-04-21 Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access...
CVE-2022-26856 2022-04-21 Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker...
CVE-2022-28366 2022-04-21 Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26,...
CVE-2022-28367 2022-04-21 OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
CVE-2022-29577 2022-04-21 OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content....
CVE-2022-27404 2022-04-22 FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
CVE-2022-27405 2022-04-22 FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.