CVE List - 2022 / May
Showing 1201 - 1300 of 2161 CVEs for May 2022 (Page 13 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-1062 | 2022-05-16 | th23 Social <= 1.2.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1089 | 2022-05-16 | Bulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1103 | 2022-05-16 | Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload |
| CVE-2022-1182 | 2022-05-16 | Visual Slide Box Builder <= 3.2.9 - Subscriber+ SQLi |
| CVE-2022-1216 | 2022-05-16 | Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting |
| CVE-2022-1217 | 2022-05-16 | Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting |
| CVE-2022-1265 | 2022-05-16 | BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1267 | 2022-05-16 | BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting |
| CVE-2022-1334 | 2022-05-16 | WP YouTube Live < 1.8.3 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1349 | 2022-05-16 | WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR |
| CVE-2022-1386 | 2022-05-16 | Fusion Builder < 3.6.2 - Unauthenticated SSRF |
| CVE-2022-1393 | 2022-05-16 | WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting |
| CVE-2022-1398 | 2022-05-16 | External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF |
| CVE-2022-1407 | 2022-05-16 | VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1408 | 2022-05-16 | VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1409 | 2022-05-16 | VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload |
| CVE-2022-1418 | 2022-05-16 | Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1425 | 2022-05-16 | WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR |
| CVE-2022-1435 | 2022-05-16 | WPCargo Track & Trace < 6.9.5 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1436 | 2022-05-16 | WPCargo Track & Trace < 6.9.5 - Reflected Cross Site Scripting |
| CVE-2022-1455 | 2022-05-16 | Call Now Button < 1.1.2 - Reflected Cross-Site Scripting |
| CVE-2022-1465 | 2022-05-16 | WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting |
| CVE-2022-1512 | 2022-05-16 | ScrollReveal.js Effects <= 1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1557 | 2022-05-16 | ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-1559 | 2022-05-16 | Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1560 | 2022-05-16 | Amministrazione Aperta < 3.8 - Admin+ LFI |
| CVE-2022-1722 | 2022-05-16 | SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio |
| CVE-2022-1721 | 2022-05-16 | Path Traversal in WellKnownServlet in jgraph/drawio |
| CVE-2022-0574 | 2022-05-16 | Improper Access Control in publify/publify |
| CVE-2022-0578 | 2022-05-16 | Code Injection in publify/publify |
| CVE-2022-1713 | 2022-05-16 | SSRF on /proxy in jgraph/drawio |
| CVE-2022-1553 | 2022-05-16 | Leaking password protected articles content due to improper access control in publify/publify |
| CVE-2022-0573 | 2022-05-16 | JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request... |
| CVE-2022-1719 | 2022-05-16 | Reflected XSS on ticket filter function in polonel/trudesk |
| CVE-2022-1718 | 2022-05-16 | The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk |
| CVE-2022-30523 | 2022-05-16 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents... |
| CVE-2022-1728 | 2022-05-16 | Allowing long password leads to denial of service in polonel/trudesk |
| CVE-2022-1726 | 2022-05-16 | Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table |
| CVE-2021-33318 | 2022-05-16 | An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses... |
| CVE-2022-30050 | 2022-05-16 | Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. |
| CVE-2022-30055 | 2022-05-16 | Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. |
| CVE-2022-25169 | 2022-05-16 | Apache Tika BPGParser Memory Usage DoS |
| CVE-2022-30126 | 2022-05-16 | Apache Tika Regular Expression Denial of Service in Standards Extractor |
| CVE-2021-23265 | 2022-05-16 | Improper Privilege Management in Crafter Studio |
| CVE-2021-23266 | 2022-05-16 | Improper Output Neutralization for Logs in Crafter Studio |
| CVE-2021-23267 | 2022-05-16 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio |
| CVE-2021-27442 | 2022-05-16 | Weintek EasyWeb cMT Cross-site Scripting |
| CVE-2021-27444 | 2022-05-16 | Weintek EasyWeb cMT Improper Access Control |
| CVE-2021-27446 | 2022-05-16 | Weintek EasyWeb cMT Code Injection |
| CVE-2022-30695 | 2022-05-16 | Local privilege escalation due to excessive permissions assigned to child processes |
| CVE-2022-30696 | 2022-05-16 | Local privilege escalation due to a DLL hijacking vulnerability |
| CVE-2022-30697 | 2022-05-16 | Local privilege escalation due to insecure folder permissions |
| CVE-2021-33001 | 2022-05-16 | xArrow SCADA Cross-site Scripting |
| CVE-2021-33021 | 2022-05-16 | xArrow SCADA Cross-site Scripting |
| CVE-2021-33025 | 2022-05-16 | xArrow SCADA Path Traversal |
| CVE-2022-1731 | 2022-05-16 | Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable... |
| CVE-2022-23657 | 2022-05-16 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to... |
| CVE-2022-23658 | 2022-05-16 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to... |
| CVE-2022-23659 | 2022-05-16 | A remote reflected cross site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has... |
| CVE-2022-23660 | 2022-05-16 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to... |
| CVE-2022-23663 | 2022-05-16 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23662 | 2022-05-16 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23661 | 2022-05-16 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23664 | 2022-05-16 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23665 | 2022-05-16 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23666 | 2022-05-16 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23668 | 2022-05-16 | A remote authenticated server-side request forgery (SSRF) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has... |
| CVE-2022-23667 | 2022-05-16 | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-23670 | 2022-05-16 | A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates... |
| CVE-2022-1706 | 2022-05-17 | A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the... |
| CVE-2022-1733 | 2022-05-17 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-1735 | 2022-05-17 | Classic Buffer Overflow in vim/vim |
| CVE-2022-1769 | 2022-05-17 | Buffer Over-read in vim/vim |
| CVE-2022-28181 | 2022-05-17 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through... |
| CVE-2022-28183 | 2022-05-17 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to... |
| CVE-2022-28184 | 2022-05-17 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers,... |
| CVE-2022-28185 | 2022-05-17 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial... |
| CVE-2022-30007 | 2022-05-17 | GXCMS V1.5 has a file upload vulnerability in the background. The vulnerability is the template management page. You can edit any template content and then rename to PHP suffix file,... |
| CVE-2022-30067 | 2022-05-17 | GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program... |
| CVE-2022-30952 | 2022-05-17 | Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of... |
| CVE-2022-29162 | 2022-05-17 | Incorrect Default Permissions in runc |
| CVE-2022-1753 | 2022-05-17 | WoWonder Group requests.php access control |
| CVE-2013-10001 | 2022-05-17 | HTC One/Sense Mail Client certificate validation |
| CVE-2022-26650 | 2022-05-17 | Apache ShenYu (incubating) Regular expression denial of service |
| CVE-2022-1723 | 2022-05-17 | Server-Side Request Forgery (SSRF) in jgraph/drawio |
| CVE-2021-42943 | 2022-05-17 | Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter. |
| CVE-2021-42643 | 2022-05-17 | cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to... |
| CVE-2021-42644 | 2022-05-17 | cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be... |
| CVE-2022-1711 | 2022-05-17 | Server-Side Request Forgery (SSRF) in jgraph/drawio |
| CVE-2022-30110 | 2022-05-17 | The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone... |
| CVE-2022-29332 | 2022-05-17 | D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access.... |
| CVE-2022-30945 | 2022-05-17 | Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. |
| CVE-2022-30946 | 2022-05-17 | A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. |
| CVE-2022-30947 | 2022-05-17 | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM... |
| CVE-2022-30948 | 2022-05-17 | Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM... |
| CVE-2022-30949 | 2022-05-17 | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM... |
| CVE-2022-30950 | 2022-05-17 | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named... |
| CVE-2022-30951 | 2022-05-17 | Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library, which does not implement access control, potentially allowing users to start processes even if they're not allowed... |
| CVE-2022-30953 | 2022-05-17 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. |
| CVE-2022-30954 | 2022-05-17 | Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |