CVE List - 2022 / June
Showing 1401 - 1500 of 2149 CVEs for June 2022 (Page 15 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-2134 | 2022-06-20 | Allocation of Resources Without Limits or Throttling in inventree/inventree |
| CVE-2022-25772 | 2022-06-20 | A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable JavaScript |
| CVE-2022-31062 | 2022-06-20 | Unauthenticated Local File Inclusion |
| CVE-2022-2023 | 2022-06-20 | Incorrect Use of Privileged APIs in polonel/trudesk |
| CVE-2017-20057 | 2022-06-20 | Elefant CMS Persistent cross site scripting |
| CVE-2017-20058 | 2022-06-20 | Elefant CMS Version Comparison Persistent cross site scripting |
| CVE-2017-20059 | 2022-06-20 | Elefant CMS Title Persistent cross site scripting |
| CVE-2017-20060 | 2022-06-20 | Elefant CMS Blog Post Persistent cross site scripting |
| CVE-2017-20061 | 2022-06-20 | Elefant CMS extended Reflected cross site scripting |
| CVE-2017-20062 | 2022-06-20 | Elefant CMS cross-site request forgery |
| CVE-2017-20063 | 2022-06-20 | Elefant CMS File Upload drop privileges management |
| CVE-2017-20064 | 2022-06-20 | Elefant CMS layout code injection |
| CVE-2021-45918 | 2022-06-20 | NHI’s health insurance web service component – Heap-based Buffer Overflow |
| CVE-2022-21742 | 2022-06-20 | Realtek USB FE/1GbE/2.5GbE/5GbE NIC Family - Buffer Overflow |
| CVE-2022-26668 | 2022-06-20 | ASUS Control Center - Broken Access Control |
| CVE-2022-26669 | 2022-06-20 | ASUS Control Center - SQL Injection |
| CVE-2022-2130 | 2022-06-20 | Cross-site Scripting (XSS) - Reflected in microweber/microweber |
| CVE-2022-31734 | 2022-06-20 | Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary script may be executed on the web browser... |
| CVE-2022-1824 | 2022-06-20 | McAfee MCPR privilege escalation |
| CVE-2022-1823 | 2022-06-20 | McAfee MCPR privilege escalation |
| CVE-2021-25088 | 2022-06-20 | Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-25104 | 2022-06-20 | Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting |
| CVE-2021-25121 | 2022-06-20 | Rating by BestWebSoft < 1.6 - Rating Denial of Service |
| CVE-2022-0663 | 2022-06-20 | Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1266 | 2022-06-20 | Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS |
| CVE-2022-1472 | 2022-06-20 | Better Find and Replace < 1.3.6 - Admin+ SQLi |
| CVE-2022-1603 | 2022-06-20 | Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF |
| CVE-2022-1610 | 2022-06-20 | Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF |
| CVE-2022-1614 | 2022-06-20 | WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing |
| CVE-2022-1630 | 2022-06-20 | WP-Email < 2.69.0 - Log Deletion via CSRF |
| CVE-2022-1717 | 2022-06-20 | Custom Share Buttons with Floating Sidebar < 4.2 - Admin+ Stored XSS |
| CVE-2022-1801 | 2022-06-20 | Very Simple Contact Form < 11.6 - Captcha bypass |
| CVE-2022-1818 | 2022-06-20 | Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1826 | 2022-06-20 | Cross-Linker <= 3.0.1.9 - Arbitrary Cross-Link Creation via CSRF |
| CVE-2022-1827 | 2022-06-20 | PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1828 | 2022-06-20 | PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1829 | 2022-06-20 | Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1830 | 2022-06-20 | Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF |
| CVE-2022-1831 | 2022-06-20 | WPlite <= 1.3.1 - Arbitrary Settings Update via CSRF |
| CVE-2022-1832 | 2022-06-20 | CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF |
| CVE-2022-1889 | 2022-06-20 | Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1895 | 2022-06-20 | underConstruction < 1.20 - Construction Mode Deactivation via CSRF |
| CVE-2022-1896 | 2022-06-20 | underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1905 | 2022-06-20 | Events Made Easy < 2.2.81 - Unauthenticated SQLi |
| CVE-2022-1915 | 2022-06-20 | WP Zillow Review Slider < 2.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2022-1939 | 2022-06-20 | Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload |
| CVE-2022-1945 | 2022-06-20 | Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting |
| CVE-2021-41682 | 2022-06-20 | There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0 |
| CVE-2021-41683 | 2022-06-20 | There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0 |
| CVE-2022-31794 | 2022-06-20 | An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to... |
| CVE-2022-31795 | 2022-06-20 | An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to... |
| CVE-2022-32983 | 2022-06-20 | Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. |
| CVE-2022-33913 | 2022-06-20 | In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. |
| CVE-2022-22317 | 2022-06-20 | IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID:... |
| CVE-2022-22318 | 2022-06-20 | IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. |
| CVE-2022-22414 | 2022-06-20 | IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026. |
| CVE-2022-2128 | 2022-06-20 | Unrestricted Upload of File with Dangerous Type in polonel/trudesk |
| CVE-2017-20065 | 2022-06-20 | Supsystic Popup Plugin cross-site request forgery |
| CVE-2017-20066 | 2022-06-20 | Adminer Login access control |
| CVE-2022-33139 | 2022-06-21 | A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC... |
| CVE-2017-20067 | 2022-06-21 | Hindu Matrimonial Script sql injection |
| CVE-2017-20068 | 2022-06-21 | Hindu Matrimonial Script usermanagement.php privileges management |
| CVE-2017-20069 | 2022-06-21 | Hindu Matrimonial Script countrymanagement.php privileges management |
| CVE-2017-20070 | 2022-06-21 | Hindu Matrimonial Script communitymanagement.php privileges management |
| CVE-2017-20071 | 2022-06-21 | Hindu Matrimonial Script renewaldue.php privileges management |
| CVE-2017-20072 | 2022-06-21 | Hindu Matrimonial Script generalsettings.php privileges management |
| CVE-2017-20073 | 2022-06-21 | Hindu Matrimonial Script cms.php privileges management |
| CVE-2017-20074 | 2022-06-21 | Hindu Matrimonial Script newsletter1.php privileges management |
| CVE-2017-20075 | 2022-06-21 | Hindu Matrimonial Script payment.php privileges management |
| CVE-2017-20076 | 2022-06-21 | Hindu Matrimonial Script searchview.php privileges management |
| CVE-2017-20077 | 2022-06-21 | Hindu Matrimonial Script success_story.php privileges management |
| CVE-2017-20078 | 2022-06-21 | Hindu Matrimonial Script featured.php privileges management |
| CVE-2017-20079 | 2022-06-21 | Hindu Matrimonial Script photo.php privileges management |
| CVE-2017-20080 | 2022-06-21 | Hindu Matrimonial Script googleads.php privileges management |
| CVE-2017-20081 | 2022-06-21 | Hindu Matrimonial Script reports.php privileges management |
| CVE-2022-31800 | 2022-06-21 | Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers |
| CVE-2022-31801 | 2022-06-21 | Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool |
| CVE-2022-23072 | 2022-06-21 | Recipes - Stored XSS in Add to Cart |
| CVE-2022-23073 | 2022-06-21 | Recipes - Stored XSS in Clipboard |
| CVE-2022-23074 | 2022-06-21 | Recipes - Stored XSS in Name Parameter |
| CVE-2022-31302 | 2022-06-21 | maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. |
| CVE-2022-31303 | 2022-06-21 | maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. |
| CVE-2022-31306 | 2022-06-21 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. |
| CVE-2022-31307 | 2022-06-21 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. |
| CVE-2022-32414 | 2022-06-21 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. |
| CVE-2022-31373 | 2022-06-21 | SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. |
| CVE-2022-31374 | 2022-06-21 | An arbitrary file upload vulnerability in /images/background/1.php of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-33119 | 2022-06-21 | NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. |
| CVE-2022-33048 | 2022-06-21 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php. |
| CVE-2022-33049 | 2022-06-21 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user. |
| CVE-2022-25585 | 2022-06-21 | Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings. |
| CVE-2022-33055 | 2022-06-21 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php. |
| CVE-2022-33056 | 2022-06-21 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php. |
| CVE-2022-23342 | 2022-06-21 | The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on... |
| CVE-2022-31478 | 2022-06-21 | The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function. |
| CVE-2022-29775 | 2022-06-21 | iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. |
| CVE-2022-29774 | 2022-06-21 | iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. |
| CVE-2022-31786 | 2022-06-21 | IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO. |
| CVE-2021-41924 | 2022-06-21 | Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-34008 | 2022-06-21 | Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine... |