CVE List - 2022 / May
Showing 1601 - 1700 of 2161 CVEs for May 2022 (Page 17 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29214 | 2022-05-20 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth |
| CVE-2022-29188 | 2022-05-20 | Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen |
| CVE-2022-29190 | 2022-05-20 | Header reconstruction method can be thrown into an infinite loop in Pion DTLS |
| CVE-2022-29189 | 2022-05-20 | Buffer for inbound DTLS fragments has no limit |
| CVE-2022-31259 | 2022-05-21 | The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending... |
| CVE-2022-29222 | 2022-05-21 | Improper Certificate Validation in Pion DTLS |
| CVE-2022-29215 | 2022-05-21 | Argument Injection in RegionProtect |
| CVE-2022-1752 | 2022-05-21 | Unrestricted Upload of File with Dangerous Type in polonel/trudesk |
| CVE-2022-31264 | 2022-05-21 | Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. |
| CVE-2022-31268 | 2022-05-21 | A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). |
| CVE-2022-31267 | 2022-05-21 | Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value. |
| CVE-2022-1809 | 2022-05-21 | Access of Uninitialized Pointer in radareorg/radare2 |
| CVE-2022-1813 | 2022-05-22 | OS Command Injection in yogeshojha/rengine |
| CVE-2022-1810 | 2022-05-23 | Authorization Bypass Through User-Controlled Key in publify/publify |
| CVE-2021-41834 | 2022-05-23 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact... |
| CVE-2022-0346 | 2022-05-23 | Google XML Sitemap Generator < 2.0.4 - Reflected Cross-Site Scripting |
| CVE-2022-0781 | 2022-05-23 | Nirweb support < 2.8.2 - Unauthenticated SQLi |
| CVE-2022-1014 | 2022-05-23 | WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi |
| CVE-2022-1093 | 2022-05-23 | WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs |
| CVE-2022-1192 | 2022-05-23 | Turn off all comments <= 1.0 - Reflected Cross-Site Scripting |
| CVE-2022-1218 | 2022-05-23 | Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting |
| CVE-2022-1221 | 2022-05-23 | Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting |
| CVE-2022-1268 | 2022-05-23 | Donate Extra <= 2.02 - Reflected Cross-Site Scripting |
| CVE-2022-1298 | 2022-05-23 | Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting |
| CVE-2022-1320 | 2022-05-23 | Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1547 | 2022-05-23 | Check & Log email < 1.0.6 - Reflected Cross-Site Scripting |
| CVE-2022-1558 | 2022-05-23 | Curtain <= 1.0.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-29599 | 2022-05-23 | Commandline class shell injection vulnerabilities |
| CVE-2022-28874 | 2022-05-23 | Multiple Denial-of-Service (DoS) Vulnerabilities |
| CVE-2021-42585 | 2022-05-23 | A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. |
| CVE-2021-42586 | 2022-05-23 | A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. |
| CVE-2022-1825 | 2022-05-23 | Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence |
| CVE-2022-1816 | 2022-05-23 | Zoo Management System Content Module cross site scripting |
| CVE-2022-1817 | 2022-05-23 | Badminton Center Management System Userlist Module cross site scripting |
| CVE-2022-0900 | 2022-05-23 | Cross-Site Scripting Vulnerability in DivvyDrive |
| CVE-2022-1811 | 2022-05-23 | Unrestricted Upload of File with Dangerous Type in publify/publify |
| CVE-2022-28997 | 2022-05-23 | CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. |
| CVE-2022-28998 | 2022-05-23 | Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. |
| CVE-2022-29005 | 2022-05-23 | Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2021-41714 | 2022-05-23 | In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env,... |
| CVE-2022-29004 | 2022-05-23 | Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. |
| CVE-2022-30014 | 2022-05-23 | Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. |
| CVE-2022-28932 | 2022-05-23 | D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. |
| CVE-2022-30017 | 2022-05-23 | Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. |
| CVE-2022-30016 | 2022-05-23 | Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. |
| CVE-2022-28944 | 2022-05-23 | Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping... |
| CVE-2021-42233 | 2022-05-23 | The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur. |
| CVE-2022-31467 | 2022-05-23 | DLL Hijacking Vulnerability in Quick Heal Total Security |
| CVE-2022-31466 | 2022-05-23 | TOCTOU Vulnerability in Quick Heal Total Security |
| CVE-2021-32935 | 2022-05-23 | Cognex In-Sight OPC Server - Deserialization of Untrusted Data |
| CVE-2021-32941 | 2022-05-23 | Annke Network Video Recorder - Stack-based Buffer Overflow |
| CVE-2022-1467 | 2022-05-23 | AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere |
| CVE-2021-32958 | 2022-05-23 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel |
| CVE-2022-31489 | 2022-05-23 | Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. |
| CVE-2022-31488 | 2022-05-23 | Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. |
| CVE-2022-31487 | 2022-05-23 | Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. |
| CVE-2022-28999 | 2022-05-23 | Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. |
| CVE-2022-29376 | 2022-05-23 | Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. |
| CVE-2022-30015 | 2022-05-23 | In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss. |
| CVE-2022-29002 | 2022-05-23 | A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. |
| CVE-2022-26531 | 2022-05-24 | Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series... |
| CVE-2022-29221 | 2022-05-24 | PHP Code Injection by malicious block or filename in Smarty |
| CVE-2022-29377 | 2022-05-24 | Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter... |
| CVE-2022-29305 | 2022-05-24 | imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. |
| CVE-2022-0734 | 2022-05-24 | A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware... |
| CVE-2022-29309 | 2022-05-24 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. |
| CVE-2022-0910 | 2022-05-24 | A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21,... |
| CVE-2022-31263 | 2022-05-24 | app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. |
| CVE-2022-26532 | 2022-05-24 | A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions... |
| CVE-2022-1819 | 2022-05-24 | Student Information System Student Roll Module cross site scripting |
| CVE-2022-1837 | 2022-05-24 | Home Clean Services Management System unrestricted upload |
| CVE-2022-1838 | 2022-05-24 | Home Clean Services Management System login.php sql injection |
| CVE-2022-1839 | 2022-05-24 | Home Clean Services Management System login.php sql injection |
| CVE-2022-1840 | 2022-05-24 | Home Clean Services Management System cross site scripting |
| CVE-2022-1848 | 2022-05-24 | Business Logic Errors in erudika/para |
| CVE-2021-42659 | 2022-05-24 | There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When... |
| CVE-2022-1849 | 2022-05-24 | Session Fixation in filegator/filegator |
| CVE-2022-1850 | 2022-05-24 | Path Traversal in filegator/filegator |
| CVE-2021-42654 | 2022-05-24 | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. |
| CVE-2022-30454 | 2022-05-24 | Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. |
| CVE-2021-42655 | 2022-05-24 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. |
| CVE-2022-30456 | 2022-05-24 | Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. |
| CVE-2022-30455 | 2022-05-24 | Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. |
| CVE-2021-42656 | 2022-05-24 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. |
| CVE-2022-30460 | 2022-05-24 | Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. |
| CVE-2022-30458 | 2022-05-24 | Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. |
| CVE-2022-30463 | 2022-05-24 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. |
| CVE-2022-30464 | 2022-05-24 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. |
| CVE-2022-30459 | 2022-05-24 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. |
| CVE-2022-30462 | 2022-05-24 | Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. |
| CVE-2022-30461 | 2022-05-24 | Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id |
| CVE-2022-30837 | 2022-05-24 | Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. |
| CVE-2022-30842 | 2022-05-24 | Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. |
| CVE-2022-30838 | 2022-05-24 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status |
| CVE-2022-30843 | 2022-05-24 | Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. |
| CVE-2022-30839 | 2022-05-24 | Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. |
| CVE-2022-29217 | 2022-05-24 | Key confusion through non-blocklisted public key formats in PyJWT |
| CVE-2022-29219 | 2022-05-24 | Integer Overflow in Lodestar |
| CVE-2022-29567 | 2022-05-24 | Possible information disclosure inside TreeGrid component with default data provider |
| CVE-2022-29223 | 2022-05-24 | Buffer overflow on HUB descriptor in Azure RTOS USBX |