CVE List - 2022 / May
Showing 1501 - 1600 of 2161 CVEs for May 2022 (Page 16 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-28985 | 2022-05-20 | A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. |
| CVE-2021-34111 | 2022-05-20 | Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. |
| CVE-2022-28987 | 2022-05-20 | Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. |
| CVE-2022-1754 | 2022-05-20 | Integer Overflow or Wraparound in polonel/trudesk |
| CVE-2022-1806 | 2022-05-20 | Cross-site Scripting (XSS) - Reflected in rtxteam/rtx |
| CVE-2022-25229 | 2022-05-20 | Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use... |
| CVE-2022-25227 | 2022-05-20 | Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain an... |
| CVE-2022-25224 | 2022-05-20 | Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing... |
| CVE-2022-30551 | 2022-05-20 | OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. |
| CVE-2022-31215 | 2022-05-20 | In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period... |
| CVE-2022-1784 | 2022-05-20 | Server-Side Request Forgery (SSRF) in jgraph/drawio |
| CVE-2022-29021 | 2022-05-20 | A buffer overflow vulnerability in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via... |
| CVE-2022-29023 | 2022-05-20 | A buffer overflow vulnerability in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via... |
| CVE-2022-29022 | 2022-05-20 | A buffer overflow vulnerability in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via... |
| CVE-2022-26632 | 2022-05-20 | Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. |
| CVE-2022-26633 | 2022-05-20 | Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. |
| CVE-2022-26634 | 2022-05-20 | HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| CVE-2022-27094 | 2022-05-20 | Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| CVE-2022-28104 | 2022-05-20 | Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. |
| CVE-2022-27095 | 2022-05-20 | BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| CVE-2022-28105 | 2022-05-20 | Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. |
| CVE-2022-28106 | 2022-05-20 | Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. |
| CVE-2022-28991 | 2022-05-20 | Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. |
| CVE-2022-28992 | 2022-05-20 | A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. |
| CVE-2022-28993 | 2022-05-20 | Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. |
| CVE-2022-29320 | 2022-05-20 | MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. |
| CVE-2022-30518 | 2022-05-20 | ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. |
| CVE-2022-30887 | 2022-05-20 | Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image... |
| CVE-2022-30886 | 2022-05-20 | School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. |
| CVE-2022-24904 | 2022-05-20 | Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server |
| CVE-2022-24905 | 2022-05-20 | Argo CD login screen allows message spoofing if SSO is enabled |
| CVE-2022-29165 | 2022-05-20 | Argo CD will blindly trust JWT claims if anonymous access is enabled |
| CVE-2022-31245 | 2022-05-20 | mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync... |
| CVE-2022-28660 | 2022-05-20 | The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects... |
| CVE-2021-43729 | 2022-05-20 | Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. |
| CVE-2021-43728 | 2022-05-20 | Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. |
| CVE-2021-30028 | 2022-05-20 | SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely. |
| CVE-2022-29159 | 2022-05-20 | Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck |
| CVE-2022-24906 | 2022-05-20 | Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck |
| CVE-2022-29160 | 2022-05-20 | Sensitive files/data exist after deletion of user account in Nextcloud Android |
| CVE-2022-29163 | 2022-05-20 | Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server |
| CVE-2022-29170 | 2022-05-20 | Grafana Enterprise datasource network restrictions bypass via HTTP redirects |
| CVE-2022-29177 | 2022-05-20 | DoS via malicious p2p message in Go-Ethereum |
| CVE-2021-39043 | 2022-05-20 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus... |
| CVE-2022-22365 | 2022-05-20 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server... |
| CVE-2022-1770 | 2022-05-20 | Improper Privilege Management in polonel/trudesk |
| CVE-2022-28990 | 2022-05-20 | WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. |
| CVE-2022-29178 | 2022-05-20 | Incorrect Default Permissions in Cilium |
| CVE-2022-28531 | 2022-05-20 | Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. |
| CVE-2022-29179 | 2022-05-20 | Improper Privilege Management in Cilium |
| CVE-2022-28995 | 2022-05-20 | Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. |
| CVE-2022-29182 | 2022-05-20 | DOM-based XSS in GoCD |
| CVE-2022-29183 | 2022-05-20 | Reflected XSS in GoCD |
| CVE-2022-29184 | 2022-05-20 | Command Injection/Argument Injection in GoCD |
| CVE-2022-29185 | 2022-05-20 | Observable Timing Discrepancy in totp-rs |
| CVE-2021-36833 | 2022-05-20 | WordPress MC4WP plugin <= 4.8.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29424 | 2022-05-20 | WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29425 | 2022-05-20 | WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29448 | 2022-05-20 | WordPress Herd Effects plugin <= 5.2 - Local File Inclusion (LFI) vulnerability |
| CVE-2022-21195 | 2022-05-20 | Regular Expression Denial of Service (ReDoS) |
| CVE-2022-29426 | 2022-05-20 | WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-24434 | 2022-05-20 | Denial of Service (DoS) |
| CVE-2022-29427 | 2022-05-20 | WordPress Disable Right Click For WP plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2022-29447 | 2022-05-20 | WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability |
| CVE-2022-22973 | 2022-05-20 | VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. |
| CVE-2022-22972 | 2022-05-20 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able... |
| CVE-2022-29434 | 2022-05-20 | WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability |
| CVE-2022-29186 | 2022-05-20 | Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise |
| CVE-2022-29192 | 2022-05-20 | Missing validation crashes `QuantizeAndDequantizeV4Grad` in TensorFlow |
| CVE-2022-29428 | 2022-05-20 | WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29430 | 2022-05-20 | WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2022-29431 | 2022-05-20 | Remove CPT base <= 5.8 - CSRF leads to CPT base deletion |
| CVE-2022-29432 | 2022-05-20 | WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2022-29191 | 2022-05-20 | Missing validation causes denial of service via `GetSessionTensor` in TensorFlow |
| CVE-2022-28618 | 2022-05-20 | A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could... |
| CVE-2022-29194 | 2022-05-20 | Missing validation causes denial of service via `DeleteSessionTensor` in TensorFlow |
| CVE-2022-29193 | 2022-05-20 | Missing validation causes `TensorSummaryV2` in TensorFlow to crash |
| CVE-2022-29200 | 2022-05-20 | Missing validation causes denial of service in TensorFlow via `LSTMBlockCell` |
| CVE-2022-29199 | 2022-05-20 | Missing validation causes denial of service in TensorFlow via `LoadAndRemapMatrix` |
| CVE-2022-1803 | 2022-05-20 | Improper Restriction of Rendered UI Layers or Frames in polonel/trudesk |
| CVE-2022-29198 | 2022-05-20 | Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix` |
| CVE-2022-29196 | 2022-05-20 | Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` |
| CVE-2022-29197 | 2022-05-20 | Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin` |
| CVE-2022-29195 | 2022-05-20 | Missing validation causes denial of service in TensorFlow via `StagePeek` |
| CVE-2022-31258 | 2022-05-20 | In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. |
| CVE-2022-29207 | 2022-05-20 | Undefined behavior when users supply invalid resource handles in TensorFlow |
| CVE-2022-29206 | 2022-05-20 | Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow |
| CVE-2022-29205 | 2022-05-20 | Segfault due to missing support for quantized types in TensorFlow |
| CVE-2022-29208 | 2022-05-20 | Segfault and Out-of-bounds Write due to incomplete validation in TensorFlow |
| CVE-2022-1775 | 2022-05-20 | Weak Password Requirements in polonel/trudesk |
| CVE-2022-29204 | 2022-05-20 | Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` |
| CVE-2022-29203 | 2022-05-20 | Integer overflow in `SpaceToBatchND` in TensorFlow |
| CVE-2022-29202 | 2022-05-20 | Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant` |
| CVE-2022-29201 | 2022-05-20 | Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow |
| CVE-2022-29212 | 2022-05-20 | Core dump when loading TFLite models with quantization in TensorFlow |
| CVE-2022-29211 | 2022-05-20 | Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values |
| CVE-2022-29209 | 2022-05-20 | Type confusion leading to `CHECK`-failure based denial of service in TensorFlow |
| CVE-2022-29210 | 2022-05-20 | Heap buffer overflow due to incorrect hash function in TensorFlow |
| CVE-2022-29213 | 2022-05-20 | Incomplete validation in signal ops leads to crashes in TensorFlow |
| CVE-2022-29216 | 2022-05-20 | Code injection in `saved_model_cli` in TensorFlow |