CVE List - 2022 / May
Showing 1601 - 1700 of 2161 CVEs for May 2022 (Page 17 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29216 | 2022-05-20 | Code injection in `saved_model_cli` in TensorFlow |
| CVE-2022-29214 | 2022-05-20 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth |
| CVE-2022-29188 | 2022-05-20 | Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen |
| CVE-2022-29190 | 2022-05-20 | Header reconstruction method can be thrown into an infinite loop in Pion DTLS |
| CVE-2022-29189 | 2022-05-20 | Buffer for inbound DTLS fragments has no limit |
| CVE-2022-31259 | 2022-05-21 | The route lookup process in beego before 1.12.9 and 2.x... |
| CVE-2022-29222 | 2022-05-21 | Improper Certificate Validation in Pion DTLS |
| CVE-2022-29215 | 2022-05-21 | Argument Injection in RegionProtect |
| CVE-2022-1752 | 2022-05-21 | Unrestricted Upload of File with Dangerous Type in polonel/trudesk |
| CVE-2022-31264 | 2022-05-21 | Solana solana_rbpf before 0.2.29 has an addition integer overflow via... |
| CVE-2022-31268 | 2022-05-21 | A Path Traversal vulnerability in Gitblit 1.9.3 can lead to... |
| CVE-2022-31267 | 2022-05-21 | Gitblit 1.9.2 allows privilege escalation via the Config User Service:... |
| CVE-2022-1809 | 2022-05-21 | Access of Uninitialized Pointer in radareorg/radare2 |
| CVE-2022-1813 | 2022-05-22 | OS Command Injection in yogeshojha/rengine |
| CVE-2022-1810 | 2022-05-23 | Authorization Bypass Through User-Controlled Key in publify/publify |
| CVE-2021-41834 | 2022-05-23 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable... |
| CVE-2022-0346 | 2022-05-23 | Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting |
| CVE-2022-0781 | 2022-05-23 | Nirweb support < 2.8.2 - Unauthenticated SQLi |
| CVE-2022-1014 | 2022-05-23 | WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi |
| CVE-2022-1093 | 2022-05-23 | WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs |
| CVE-2022-1192 | 2022-05-23 | Turn off all comments <= 1.0 - Reflected Cross-Site Scripting |
| CVE-2022-1218 | 2022-05-23 | Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting |
| CVE-2022-1221 | 2022-05-23 | Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting |
| CVE-2022-1268 | 2022-05-23 | Donate Extra <= 2.02 - Reflected Cross-Site Scripting |
| CVE-2022-1298 | 2022-05-23 | Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting |
| CVE-2022-1320 | 2022-05-23 | Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1547 | 2022-05-23 | Check & Log email < 1.0.6 - Reflected Cross-Site Scripting |
| CVE-2022-1558 | 2022-05-23 | Curtain <= 1.0.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-29599 | 2022-05-23 | Commandline class shell injection vulnerabilities |
| CVE-2022-28874 | 2022-05-23 | Multiple Denial-of-Service (DoS) Vulnerabilities |
| CVE-2021-42585 | 2022-05-23 | A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c... |
| CVE-2021-42586 | 2022-05-23 | A heap buffer overflow was discovered in copy_bytes in decode_r2007.c... |
| CVE-2022-1825 | 2022-05-23 | Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence |
| CVE-2022-1816 | 2022-05-23 | Zoo Management System Content Module cross site scripting |
| CVE-2022-1817 | 2022-05-23 | Badminton Center Management System Userlist Module cross site scripting |
| CVE-2022-0900 | 2022-05-23 | Cross-Site Scripting Vulnerability in DivvyDrive |
| CVE-2022-1811 | 2022-05-23 | Unrestricted Upload of File with Dangerous Type in publify/publify |
| CVE-2022-28997 | 2022-05-23 | CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery... |
| CVE-2022-28998 | 2022-05-23 | Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer... |
| CVE-2022-29005 | 2022-05-23 | Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of... |
| CVE-2021-41714 | 2022-05-23 | In Tipask < 3.5.9, path parameters entered by the user... |
| CVE-2022-29004 | 2022-05-23 | Diary Management System v1.0 was discovered to contain a cross-site... |
| CVE-2022-30014 | 2022-05-23 | Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross... |
| CVE-2022-28932 | 2022-05-23 | D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. |
| CVE-2022-30017 | 2022-05-23 | Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading... |
| CVE-2022-30016 | 2022-05-23 | Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access... |
| CVE-2022-28944 | 2022-05-23 | Certain EMCO Software products are affected by: CWE-494: Download of... |
| CVE-2021-42233 | 2022-05-23 | The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to... |
| CVE-2022-31467 | 2022-05-23 | DLL Hijacking Vulnerability in Quick Heal Total Security |
| CVE-2022-31466 | 2022-05-23 | TOCTOU Vulnerability in Quick Heal Total Security |
| CVE-2021-32935 | 2022-05-23 | Cognex In-Sight OPC Server - Deserialization of Untrusted Data |
| CVE-2021-32941 | 2022-05-23 | Annke Network Video Recorder - Stack-based Buffer Overflow |
| CVE-2022-1467 | 2022-05-23 | AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere |
| CVE-2021-32958 | 2022-05-23 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel |
| CVE-2022-31489 | 2022-05-23 | Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. |
| CVE-2022-31488 | 2022-05-23 | Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. |
| CVE-2022-31487 | 2022-05-23 | Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow... |
| CVE-2022-28999 | 2022-05-23 | Insecure permissions in the install directories and binaries of Dev-CPP... |
| CVE-2022-29376 | 2022-05-23 | Xampp for Windows v8.1.4 and below was discovered to contain... |
| CVE-2022-30015 | 2022-05-23 | In Simple Food Website 1.0, a moderation can put the... |
| CVE-2022-29002 | 2022-05-23 | A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers... |
| CVE-2022-26531 | 2022-05-24 | Multiple improper input validation flaws were identified in some CLI... |
| CVE-2022-29221 | 2022-05-24 | PHP Code Injection by malicious block or filename in Smarty |
| CVE-2022-29377 | 2022-05-24 | Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow... |
| CVE-2022-29305 | 2022-05-24 | imgurl v2.31 was discovered to contain a Blind SQL injection... |
| CVE-2022-0734 | 2022-05-24 | A cross-site scripting vulnerability was identified in the CGI program... |
| CVE-2022-29309 | 2022-05-24 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. |
| CVE-2022-0910 | 2022-05-24 | A downgrade from two-factor authentication to one-factor authentication vulnerability in... |
| CVE-2022-31263 | 2022-05-24 | app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail... |
| CVE-2022-26532 | 2022-05-24 | A argument injection vulnerability in the 'packet-trace' CLI command of... |
| CVE-2022-1819 | 2022-05-24 | Student Information System Student Roll Module cross site scripting |
| CVE-2022-1837 | 2022-05-24 | Home Clean Services Management System unrestricted upload |
| CVE-2022-1838 | 2022-05-24 | Home Clean Services Management System login.php sql injection |
| CVE-2022-1839 | 2022-05-24 | Home Clean Services Management System login.php sql injection |
| CVE-2022-1840 | 2022-05-24 | Home Clean Services Management System cross site scripting |
| CVE-2022-1848 | 2022-05-24 | Business Logic Errors in erudika/para |
| CVE-2021-42659 | 2022-05-24 | There is a buffer overflow vulnerability in the Web server... |
| CVE-2022-1849 | 2022-05-24 | Session Fixation in filegator/filegator |
| CVE-2022-1850 | 2022-05-24 | Path Traversal in filegator/filegator |
| CVE-2021-42654 | 2022-05-24 | SiteServer CMS < V5.1 is affected by an unrestricted upload... |
| CVE-2022-30454 | 2022-05-24 | Merchandise Online Store 1.0 is vulnerable to SQL Injection via... |
| CVE-2021-42655 | 2022-05-24 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. |
| CVE-2022-30456 | 2022-05-24 | Badminton Center Management System 1.0 is vulnerable to Cross Site... |
| CVE-2022-30455 | 2022-05-24 | Badminton Center Management System 1.0 is vulnerable to SQL Injection... |
| CVE-2021-42656 | 2022-05-24 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting... |
| CVE-2022-30460 | 2022-05-24 | Simple Social Networking Site v1.0 is vulnerable to Cross Site... |
| CVE-2022-30458 | 2022-05-24 | Automotive Shop Management System v1.0 is vulnerable to Cross Site... |
| CVE-2022-30463 | 2022-05-24 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection... |
| CVE-2022-30464 | 2022-05-24 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to... |
| CVE-2022-30459 | 2022-05-24 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to... |
| CVE-2022-30462 | 2022-05-24 | Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via... |
| CVE-2022-30461 | 2022-05-24 | Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id |
| CVE-2022-30837 | 2022-05-24 | Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2022-30842 | 2022-05-24 | Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross... |
| CVE-2022-30838 | 2022-05-24 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL... |
| CVE-2022-30843 | 2022-05-24 | Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. |
| CVE-2022-30839 | 2022-05-24 | Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via... |
| CVE-2022-29217 | 2022-05-24 | Key confusion through non-blocklisted public key formats in PyJWT |
| CVE-2022-29219 | 2022-05-24 | Integer Overflow in Lodestar |
| CVE-2022-29567 | 2022-05-24 | Possible information disclosure inside TreeGrid component with default data provider |