CVE List - 2022 / May
Showing 2001 - 2100 of 2161 CVEs for May 2022 (Page 21 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-24238 | 2022-05-27 | ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. |
| CVE-2022-24239 | 2022-05-27 | ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. |
| CVE-2022-24240 | 2022-05-27 | ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. |
| CVE-2022-24241 | 2022-05-27 | ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. |
| CVE-2022-24581 | 2022-05-27 | ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce... |
| CVE-2022-29692 | 2022-05-27 | Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. |
| CVE-2022-29693 | 2022-05-27 | Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. |
| CVE-2022-29694 | 2022-05-27 | Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. |
| CVE-2022-29695 | 2022-05-27 | Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. |
| CVE-2022-25878 | 2022-05-27 | Prototype Pollution |
| CVE-2022-29628 | 2022-05-27 | A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page... |
| CVE-2022-29627 | 2022-05-27 | An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. |
| CVE-2022-31782 | 2022-05-27 | ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. |
| CVE-2022-1927 | 2022-05-29 | Buffer Over-read in vim/vim |
| CVE-2022-1928 | 2022-05-29 | Cross-site Scripting (XSS) - Stored in go-gitea/gitea |
| CVE-2022-31796 | 2022-05-29 | libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. |
| CVE-2022-24967 | 2022-05-29 | Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). |
| CVE-2022-31799 | 2022-05-29 | Bottle before 0.12.20 mishandles errors during early request binding. |
| CVE-2022-1203 | 2022-05-30 | Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update |
| CVE-2022-0376 | 2022-05-30 | User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-0642 | 2022-05-30 | JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF |
| CVE-2022-1009 | 2022-05-30 | Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting |
| CVE-2022-1275 | 2022-05-30 | BannerMan <= 0.2.4 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2022-1294 | 2022-05-30 | IMDB info box <= 2.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1299 | 2022-05-30 | Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1387 | 2022-05-30 | No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1395 | 2022-05-30 | Easy FAQ with Expanding Text <= 3.2.8.3.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1456 | 2022-05-30 | Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1527 | 2022-05-30 | WP 2FA < 2.2.1 - Reflected Cross-Site Scripting |
| CVE-2022-1528 | 2022-05-30 | VikBooking < 1.5.9 - Reflected Cross-Site Scripting |
| CVE-2022-1542 | 2022-05-30 | HPB Dashboard <= 1.3.1 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1556 | 2022-05-30 | StaffList < 3.1.5 - Admin+ SQLi |
| CVE-2022-1562 | 2022-05-30 | Enable SVG < 1.4.0 - Author+ Stored Cross Site Scripting via SVG |
| CVE-2022-1564 | 2022-05-30 | Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1566 | 2022-05-30 | Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1568 | 2022-05-30 | Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1582 | 2022-05-30 | External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2022-1583 | 2022-05-30 | External Links in New Window / New Tab < 1.43 - Tabnabbing |
| CVE-2022-1589 | 2022-05-30 | Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update |
| CVE-2022-1611 | 2022-05-30 | Bulk Page Creator < 1.1.4 - Arbitrary Page Creation via CSRF |
| CVE-2022-1643 | 2022-05-30 | Birthdays Widget <= 1.7.18 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1644 | 2022-05-30 | Call&Book Mobile Bar <= 1.2.2 - Admin+ Stored Cross Site Scripting |
| CVE-2022-1645 | 2022-05-30 | Amazon Link <= 3.2.10 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1646 | 2022-05-30 | Simple Real Estate Pack <= 1.4.8 - Admin+ Stored Cross Site Scripting |
| CVE-2022-28799 | 2022-05-30 | The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker... |
| CVE-2020-28246 | 2022-05-31 | A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was... |
| CVE-2022-1215 | 2022-05-31 | A format string vulnerability was found in libinput |
| CVE-2022-1462 | 2022-05-31 | An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI... |
| CVE-2022-31001 | 2022-05-31 | Out-of-bounds Read in Sofia-SIP |
| CVE-2022-1942 | 2022-05-31 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-31002 | 2022-05-31 | Out-of-bounds Read in Sofia-SIP |
| CVE-2022-31003 | 2022-05-31 | Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP |
| CVE-2022-1931 | 2022-05-31 | Incorrect Synchronization in polonel/trudesk |
| CVE-2022-1934 | 2022-05-31 | Use After Free in mruby/mruby |
| CVE-2022-26491 | 2022-05-31 | An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS... |
| CVE-2022-1926 | 2022-05-31 | Integer Overflow or Wraparound in polonel/trudesk |
| CVE-2021-3555 | 2022-05-31 | A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K... |
| CVE-2022-31500 | 2022-05-31 | In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. |
| CVE-2022-30034 | 2022-05-31 | Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API... |
| CVE-2022-29711 | 2022-05-31 | LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. |
| CVE-2022-29712 | 2022-05-31 | LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. |
| CVE-2022-30973 | 2022-05-31 | Missing fix for CVE-2022-30126 in 1.28.2 |
| CVE-2022-29725 | 2022-05-31 | An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-23082 | 2022-05-31 | CureKit - Path Traversal in isFileOutsideDir |
| CVE-2022-31338 | 2022-05-31 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. |
| CVE-2022-31337 | 2022-05-31 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. |
| CVE-2022-31336 | 2022-05-31 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. |
| CVE-2022-31335 | 2022-05-31 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. |
| CVE-2022-30794 | 2022-05-31 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. |
| CVE-2022-30795 | 2022-05-31 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. |
| CVE-2022-30797 | 2022-05-31 | Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. |
| CVE-2022-30798 | 2022-05-31 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. |
| CVE-2022-30799 | 2022-05-31 | Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. |
| CVE-2022-31327 | 2022-05-31 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=products&id=. |
| CVE-2022-31328 | 2022-05-31 | Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. |
| CVE-2022-31329 | 2022-05-31 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. |
| CVE-2022-22361 | 2022-05-31 | IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business... |
| CVE-2022-30816 | 2022-05-31 | elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. |
| CVE-2022-30815 | 2022-05-31 | elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= |
| CVE-2022-29220 | 2022-05-31 | No verification of commits origin in github-action-merge-dependabot |
| CVE-2022-29243 | 2022-05-31 | Improper input-size validation on the user new session name in Nextcloud Server |
| CVE-2022-30814 | 2022-05-31 | elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. |
| CVE-2022-30813 | 2022-05-31 | elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. |
| CVE-2022-30810 | 2022-05-31 | elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. |
| CVE-2022-30809 | 2022-05-31 | elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. |
| CVE-2022-30808 | 2022-05-31 | elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. |
| CVE-2022-30804 | 2022-05-31 | elitecms v1.01 is vulnerable to deletion of any file via /admin/delete_image.php?file=. |
| CVE-2021-42195 | 2022-05-31 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code execution. |
| CVE-2022-30817 | 2022-05-31 | Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. |
| CVE-2022-29245 | 2022-05-31 | Weak private key generation in SSH.NET |
| CVE-2021-42196 | 2022-05-31 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. |
| CVE-2022-29258 | 2022-05-31 | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform |
| CVE-2021-42197 | 2022-05-31 | An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution. |
| CVE-2022-30836 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/admin/select.php. |
| CVE-2022-30835 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?booking_id=. |
| CVE-2022-30834 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= |
| CVE-2022-30818 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. |
| CVE-2022-30833 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. |
| CVE-2021-42198 | 2022-05-31 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. |
| CVE-2022-30832 | 2022-05-31 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. |