CVE List - 2022 / May

Showing 1 - 100 of 2161 CVEs for May 2022 (Page 1 of 22)

CVE ID | Date | Title |
---|---|---|
CVE-2022-1544 | 2022-05-01 | Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers |
CVE-2022-23060 | 2022-05-01 | Shopizer - Stored XSS in Manage Files |
CVE-2022-23061 | 2022-05-01 | Shopizer - IDOR delete superadmin |
CVE-2022-28481 | 2022-05-01 | CSV-Safe gem < 3.0.0 doesn't filter out special characters which... |
CVE-2022-25850 | 2022-05-01 | Server-side Request Forgery (SSRF) |
CVE-2022-24437 | 2022-05-01 | Command Injection |
CVE-2022-21230 | 2022-05-01 | Information Exposure |
CVE-2022-21144 | 2022-05-01 | Denial of Service (DoS) |
CVE-2022-21227 | 2022-05-01 | Denial of Service (DoS) |
CVE-2022-21189 | 2022-05-01 | Prototype Pollution |
CVE-2022-23923 | 2022-05-01 | Sandbox Bypass |
CVE-2022-25844 | 2022-05-01 | Regular Expression Denial of Service (ReDoS) |
CVE-2022-25842 | 2022-05-01 | Arbitrary File Write via Archive Extraction (Zip Slip) |
CVE-2022-26068 | 2022-05-01 | Path Traversal |
CVE-2022-21167 | 2022-05-01 | Arbitrary Code Execution |
CVE-2022-25349 | 2022-05-01 | Cross-site Scripting (XSS) |
CVE-2022-25647 | 2022-05-01 | Deserialization of Untrusted Data |
CVE-2022-25767 | 2022-05-01 | Remote Code Execution |
CVE-2022-25645 | 2022-05-01 | Prototype Pollution |
CVE-2022-22143 | 2022-05-01 | Prototype Pollution |
CVE-2022-21149 | 2022-05-01 | Cross-site Scripting (XSS) |
CVE-2022-25301 | 2022-05-01 | Prototype Pollution |
CVE-2021-31674 | 2022-05-01 | Cyclos 4 PRO 4.14.7 and before does not validate user... |
CVE-2021-31673 | 2022-05-01 | A Dom-based Cross-site scripting (XSS) vulnerability at registration account in... |
CVE-2022-28451 | 2022-05-01 | nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup... |
CVE-2021-40822 | 2022-05-01 | GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via... |
CVE-2022-29849 | 2022-05-01 | In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain... |
CVE-2022-1475 | 2022-05-02 | An integer overflow vulnerability was found in FFmpeg versions before... |
CVE-2022-29970 | 2022-05-02 | Sinatra before 2.2.0 does not validate that the expanded path... |
CVE-2022-29968 | 2022-05-02 | An issue was discovered in the Linux kernel through 5.17.5.... |
CVE-2022-29969 | 2022-05-02 | The RSS extension before 2022-04-29 for MediaWiki allows XSS via... |
CVE-2022-29973 | 2022-05-02 | relan exFAT 1.3.0 allows local users to obtain sensitive information... |
CVE-2021-46790 | 2022-05-02 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow... |
CVE-2021-36778 | 2022-05-02 | Exposure of repository credentials to external third-party sources |
CVE-2021-36784 | 2022-05-02 | Privilege escalation for users with create/update permissions in Global Roles |
CVE-2021-4200 | 2022-05-02 | Write access to the Catalog for any user when restricted-admin role is enabled |
CVE-2022-1300 | 2022-05-02 | Missing authentication in TRUMPF products may result in corruption of data |
CVE-2022-23904 | 2022-05-02 | Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request... |
CVE-2022-23064 | 2022-05-02 | Snipe-IT - Host Header Injection |
CVE-2022-23065 | 2022-05-02 | Vendure - XSS via SVG File Upload |
CVE-2022-28571 | 2022-05-02 | D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection... |
CVE-2022-28572 | 2022-05-02 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection... |
CVE-2022-28573 | 2022-05-02 | D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection... |
CVE-2022-27466 | 2022-05-02 | MCMS v5.2.27 was discovered to contain a SQL injection vulnerability... |
CVE-2022-27982 | 2022-05-02 | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote... |
CVE-2022-27983 | 2022-05-02 | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary... |
CVE-2022-28054 | 2022-05-02 | Improper sanitization of trigger action scripts in VanDyke Software VShell... |
CVE-2022-28056 | 2022-05-02 | ShopXO v2.2.5 and below was discovered to contain a system... |
CVE-2021-25002 | 2022-05-02 | Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure |
CVE-2021-25086 | 2022-05-02 | Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting |
CVE-2021-25102 | 2022-05-02 | All In One WP Security < 4.4.11 - Authenticated Reflected Cross-Site Scripting |
CVE-2022-0191 | 2022-05-02 | Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF |
CVE-2022-0418 | 2022-05-02 | Event List < 0.8.8 - Admin+ Stored Cross-Site Scripting |
CVE-2022-0428 | 2022-05-02 | Content Egg < 5.3.0 - Reflected Cross-Site Scripting |
CVE-2022-0649 | 2022-05-02 | Adrotate < 5.8.23 - Admin+ XSS via Group Name |
CVE-2022-0662 | 2022-05-02 | Adrotate < 5.8.23 - Admin+ XSS via Advert Name |
CVE-2022-0771 | 2022-05-02 | SiteSuperCharger < 5.2.0 - Unauthenticated SQLi |
CVE-2022-0773 | 2022-05-02 | Documentor <= 1.5.3 - Unauthenticated SQLi |
CVE-2022-0783 | 2022-05-02 | Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi |
CVE-2022-0952 | 2022-05-02 | Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update |
CVE-2022-1046 | 2022-05-02 | Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting |
CVE-2022-1239 | 2022-05-02 | HubSpot < 8.8.15 - Contributor+ Blind SSRF |
CVE-2022-1250 | 2022-05-02 | LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting |
CVE-2022-1255 | 2022-05-02 | Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting |
CVE-2022-1269 | 2022-05-02 | Fast Flow < 1.2.12 - Reflected Cross-Site Scripting |
CVE-2022-1273 | 2022-05-02 | Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE |
CVE-2022-1281 | 2022-05-02 | Photo Gallery < 1.6.3 - Unauthenticated SQL Injection |
CVE-2022-1282 | 2022-05-02 | Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting |
CVE-2021-29859 | 2022-05-02 | IBM ICP4A - User Management System Component (IBM Cloud Pak... |
CVE-2022-1366 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1367 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1369 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1370 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1371 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1372 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1374 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1375 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1376 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1377 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-1378 | 2022-05-02 | Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a... |
CVE-2022-26325 | 2022-05-02 | Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2 |
CVE-2022-26326 | 2022-05-02 | Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2 |
CVE-2021-3643 | 2022-05-02 | A flaw was found in sox 14.4.1. The lsx_adpcm_init function... |
CVE-2021-3750 | 2022-05-02 | A DMA reentrancy issue was found in the USB EHCI... |
CVE-2022-1515 | 2022-05-02 | A memory leak was discovered in matio 1.5.21 and earlier... |
CVE-2022-28613 | 2022-05-02 | Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series |
CVE-2022-29444 | 2022-05-02 | WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability |
CVE-2021-41810 | 2022-05-02 | Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool |
CVE-2021-36844 | 2022-05-02 | WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
CVE-2022-24897 | 2022-05-02 | Arbitrary filesystem write access from Velocity |
CVE-2022-23722 | 2022-05-02 | PingFederate Password Reset via Authentication API Mishandling |
CVE-2022-23723 | 2022-05-02 | PingFederate PingOneMFA Integration Kit MFA Bypass |
CVE-2021-4138 | 2022-05-02 | Improved Host header checks to reject requests not sent to... |
CVE-2022-24974 | 2022-05-02 | Links may not be rewritten according to policy in some... |
CVE-2021-42528 | 2022-05-02 | XMP-Toolkit Null Pointer Dereference Application denial-of-service |
CVE-2021-42532 | 2022-05-02 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution |
CVE-2021-42530 | 2022-05-02 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution |
CVE-2021-42531 | 2022-05-02 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution |
CVE-2021-42529 | 2022-05-02 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution |
CVE-2020-23617 | 2022-05-02 | A cross site scripting (XSS) vulnerability in the error page... |