CVE List - 2022 / April
Showing 1801 - 1900 of 2039 CVEs for April 2022 (Page 19 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-0634 | 2022-04-25 | ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF |
| CVE-2022-0656 | 2022-04-25 | uDraw < 3.3.3 - Unauthenticated Arbitrary File Access |
| CVE-2022-0657 | 2022-04-25 | 5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi |
| CVE-2022-0693 | 2022-04-25 | Master Elements <= 8.0 - Unauthenticated SQLi |
| CVE-2022-0769 | 2022-04-25 | Users Ultra <= 3.1.0 - Unauthenticated SQL Injection |
| CVE-2022-0782 | 2022-04-25 | Donations <= 1.8 - Unauthenticated SQLi |
| CVE-2022-0876 | 2022-04-25 | Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0953 | 2022-04-25 | Anti-Malware Security and Brute-Force Firewall < 4.20.96 - Reflected Cross-Site Scripting |
| CVE-2022-1027 | 2022-04-25 | Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1092 | 2022-04-25 | myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure |
| CVE-2022-1094 | 2022-04-25 | Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1152 | 2022-04-25 | Menubar < 5.8 - Reflected Cross-Site Scripting |
| CVE-2022-1153 | 2022-04-25 | LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1156 | 2022-04-25 | Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1228 | 2022-04-25 | Opensea < 1.0.3 - Admin+ Stored XSS |
| CVE-2022-1390 | 2022-04-25 | Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read |
| CVE-2022-1391 | 2022-04-25 | Cab fare calculator < 1.0.4 - Unauthenticated LFI |
| CVE-2022-1392 | 2022-04-25 | Videos sync PDF <= 1.7.4 - Unauthenticated LFI |
| CVE-2022-1396 | 2022-04-25 | Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-28290 | 2022-04-25 | Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version... |
| CVE-2022-0477 | 2022-04-25 | An issue has been discovered in GitLab affecting all versions... |
| CVE-2022-29417 | 2022-04-25 | WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability |
| CVE-2022-29418 | 2022-04-25 | WordPress Night Mode plugin <= 1.0.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29419 | 2022-04-25 | WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability |
| CVE-2022-25866 | 2022-04-25 | Command Injection |
| CVE-2021-35250 | 2022-04-25 | Directory Transversal Vulnerability in Serv-U 15.3 |
| CVE-2022-24880 | 2022-04-25 | Potential Captcha Validate Bypass in flask-session-captcha |
| CVE-2022-24706 | 2022-04-26 | Remote Code Execution Vulnerability in Packaging |
| CVE-2022-24882 | 2022-04-26 | Server side NTLM does not properly check parameters in FreeRDP |
| CVE-2022-24883 | 2022-04-26 | FreeRDP Server authentication might allow invalid credentials to pass |
| CVE-2022-29499 | 2022-04-26 | The Service Appliance component in Mitel MiVoice Connect through 19.2... |
| CVE-2022-29806 | 2022-04-26 | ZoneMinder before 1.36.13 allows remote code execution via an invalid... |
| CVE-2022-27299 | 2022-04-26 | Hospital Management System v1.0 was discovered to contain a SQL... |
| CVE-2022-27468 | 2022-04-26 | Monstaftp v2.10.3 was discovered to contain an arbitrary file upload... |
| CVE-2022-27469 | 2022-04-26 | Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side... |
| CVE-2022-27984 | 2022-04-26 | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability... |
| CVE-2022-27985 | 2022-04-26 | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability... |
| CVE-2022-23942 | 2022-04-26 | Apache Doris hardcoded cryptography initialization |
| CVE-2022-24881 | 2022-04-26 | Command Injection in Ballcat Codegen |
| CVE-2022-1173 | 2022-04-26 | stored xss in getgrav/grav |
| CVE-2022-28218 | 2022-04-26 | An issue was discovered in CipherMail Webmail Messenger 1.1.1 through... |
| CVE-2021-36867 | 2022-04-26 | WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-36895 | 2022-04-26 | WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload |
| CVE-2021-26629 | 2022-04-26 | tobesoft XPLATFORM Path Traversal Vulnerability |
| CVE-2021-26628 | 2022-04-26 | MaxBoard XSS and File Upload Vulnerability |
| CVE-2022-1466 | 2022-04-26 | Due to improper authorization, Red Hat Single Sign-On is vulnerable... |
| CVE-2022-27854 | 2022-04-26 | WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-24866 | 2022-04-26 | Exposure of Sensitive Information to an Unauthorized Actor in Discourse Assign |
| CVE-2022-28448 | 2022-04-26 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An... |
| CVE-2022-28449 | 2022-04-26 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At... |
| CVE-2022-28450 | 2022-04-26 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2022-28058 | 2022-04-26 | Verydows v2.0 was discovered to contain an arbitrary file deletion... |
| CVE-2022-28059 | 2022-04-26 | Verydows v2.0 was discovered to contain an arbitrary file deletion... |
| CVE-2022-28521 | 2022-04-26 | ZCMS v20170206 was discovered to contain a file inclusion vulnerability... |
| CVE-2022-28522 | 2022-04-26 | ZCMS v20170206 was discovered to contain a stored cross-site scripting... |
| CVE-2022-28523 | 2022-04-26 | HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. |
| CVE-2022-28524 | 2022-04-26 | ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability... |
| CVE-2022-28525 | 2022-04-26 | ED01-CMS v20180505 was discovered to contain an arbitrary file upload... |
| CVE-2022-28527 | 2022-04-26 | dhcms v20170919 was discovered to contain an arbitrary folder deletion... |
| CVE-2022-28528 | 2022-04-26 | bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload... |
| CVE-2022-28918 | 2022-04-26 | GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion... |
| CVE-2022-26564 | 2022-04-26 | HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS)... |
| CVE-2022-27888 | 2022-04-26 | The Foundry Issues service was found to be logging in a manner that captured session tokens. |
| CVE-2022-27239 | 2022-04-27 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing... |
| CVE-2022-24891 | 2022-04-27 | Cross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file |
| CVE-2021-41041 | 2022-04-27 | In Eclipse Openj9 before version 0.32.0, Java 8 & 11... |
| CVE-2022-28085 | 2022-04-27 | A flaw was found in htmldoc commit 31f7804. A heap... |
| CVE-2022-27331 | 2022-04-27 | An access control issue in Zammad v5.0.3 broadcasts administrative configuration... |
| CVE-2022-27332 | 2022-04-27 | An access control issue in Zammad v5.0.3 allows attackers to... |
| CVE-2022-29701 | 2022-04-27 | A lack of rate limiting in the 'forgot password' feature... |
| CVE-2022-29700 | 2022-04-27 | A lack of password length restriction in Zammad v5.1.0 allows... |
| CVE-2022-29810 | 2022-04-27 | The Hashicorp go-getter library before 1.5.11 does not redact an... |
| CVE-2022-1503 | 2022-04-27 | GetSimple CMS Content Module edit.php cross site scripting |
| CVE-2021-46442 | 2022-04-27 | In the "webupg" binary of D-Link DIR-825 G1, attackers can... |
| CVE-2021-46441 | 2022-04-27 | In the "webupg" binary of D-Link DIR-825 G1, because of... |
| CVE-2022-1504 | 2022-04-27 | XSS in /demo/module/?module=HERE in microweber/microweber |
| CVE-2021-46420 | 2022-04-27 | Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by... |
| CVE-2021-46421 | 2022-04-27 | Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by... |
| CVE-2021-46422 | 2022-04-27 | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection... |
| CVE-2021-46423 | 2022-04-27 | Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download... |
| CVE-2021-46424 | 2022-04-27 | Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion... |
| CVE-2022-28464 | 2022-04-27 | Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS)... |
| CVE-2022-24885 | 2022-04-27 | Improper Authentication in Nextcloud Android Files |
| CVE-2022-24886 | 2022-04-27 | Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client |
| CVE-2022-24887 | 2022-04-27 | Open Redirect in Nextcloud Talk |
| CVE-2022-27905 | 2022-04-27 | In ControlUp Real-Time Agent before 8.6, an unquoted path can... |
| CVE-2022-24888 | 2022-04-27 | Possible Injection in Nextcloud Server |
| CVE-2022-29505 | 2022-04-27 | Due to build misconfiguration in openssl dependency, LINE for Windows... |
| CVE-2022-24889 | 2022-04-27 | Insufficient Verification of Data Authenticity in Nextcloud Server |
| CVE-2021-34587 | 2022-04-27 | Bender Charge Controller: Long URL could lead to webserver crash |
| CVE-2021-34588 | 2022-04-27 | Bender Charge Controller: Unprotected data export |
| CVE-2021-34589 | 2022-04-27 | Bender Charge Controller: RFID leak |
| CVE-2021-34590 | 2022-04-27 | Bender Charge Controller: Cross-site Scripting |
| CVE-2021-34591 | 2022-04-27 | Bender Charge Controller: Local privilege Escalation |
| CVE-2021-34592 | 2022-04-27 | Bender Charge Controller: Command injection via Web interface |
| CVE-2021-34601 | 2022-04-27 | Bender Charge Controller: Hardcoded Credentials in Charge Controller |
| CVE-2021-34602 | 2022-04-27 | Bender Charge Controller: Long URL could lead to webserver crash |
| CVE-2022-22521 | 2022-04-27 | Privilege Escalation in Miele Benchmark Programming Tool |
| CVE-2022-27336 | 2022-04-27 | Seacms v11.6 was discovered to contain a remote code execution... |
| CVE-2021-29776 | 2022-04-27 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an... |