Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30014 | 1 Simple Food Website Project | 1 Simple Food Website | 2022-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to take over an admin/moderator account. | |||||
| CVE-2022-1810 | 1 Publify Project | 1 Publify | 2022-05-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper Access Control in GitHub repository publify/publify prior to 9.2.9. | |||||
| CVE-2021-42586 | 1 Gnu | 1 Libredwg | 2022-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | |||||
| CVE-2021-42585 | 1 Gnu | 1 Libredwg | 2022-05-30 | 6.8 MEDIUM | 8.8 HIGH |
| A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | |||||
| CVE-2022-1558 | 1 Curtain Project | 1 Curtain | 2022-05-30 | 3.5 LOW | 4.8 MEDIUM |
| The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1547 | 1 Wpchill | 1 Check & Log Email | 2022-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1320 | 1 10web | 1 Sliderby10web | 2022-05-30 | 3.5 LOW | 4.8 MEDIUM |
| The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-1014 | 1 Wp Contacts Manager Project | 1 Wp Contacts Manager | 2022-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | |||||
| CVE-2022-0346 | 1 Xmlsitemapgenerator | 1 Xml Sitemap Generator | 2022-05-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | |||||
| CVE-2022-1813 | 1 Rengine Project | 1 Rengine | 2022-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. | |||||
| CVE-2022-30105 | 1 Belkin | 2 N300, N300 Firmware | 2022-05-30 | 10.0 HIGH | 9.8 CRITICAL |
| In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root. | |||||
| CVE-2022-29174 | 1 Count | 1 Countly Server | 2022-05-30 | 6.8 MEDIUM | 8.1 HIGH |
| countly-server is the server-side part of Countly, a product analytics solution. Prior to versions 22.03.7 and 21.11.4, a malicious actor who knows an account email address/username and full name specified in the database is capable of guessing the password reset token. The actor may use this information to reset the password and take over the account. The problem has been patched in Countly Server version 22.03.7 for servers using the new user interface and in 21.11.4 for servers using the old user interface. | |||||
| CVE-2022-29588 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2022-05-30 | 5.0 MEDIUM | 7.5 HIGH |
| Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files. | |||||
| CVE-2022-30464 | 1 Chatbot App With Suggestion In Php/oop Project | 1 Chatbot App With Suggestion In Php/oop | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | |||||
| CVE-2022-30463 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | |||||
| CVE-2022-30462 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-30461 | 1 Water Billing System Project | 1 Water Billing System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id | |||||
| CVE-2022-30460 | 1 Simple Social Networking Site Project | 1 Simple Social Networking Site | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-30459 | 1 Chatbot App With Suggestion In Php/oop Project | 1 Chatbot App With Suggestion In Php/oop | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | |||||
| CVE-2022-30458 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | |||||
| CVE-2022-30456 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | |||||
| CVE-2022-30455 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | |||||
| CVE-2022-30839 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2022-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | |||||
| CVE-2022-30454 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | |||||
| CVE-2022-30843 | 1 Room Rent Portal Site Project | 1 Room Rent Portal Site | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. | |||||
| CVE-2022-30842 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | |||||
| CVE-2022-29689 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | |||||
| CVE-2022-29688 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | |||||
| CVE-2022-29687 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | |||||
| CVE-2022-29686 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | |||||
| CVE-2022-29685 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | |||||
| CVE-2022-29684 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | |||||
| CVE-2022-29683 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | |||||
| CVE-2022-29682 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | |||||
| CVE-2022-29681 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | |||||
| CVE-2022-29680 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | |||||
| CVE-2022-29676 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | |||||
| CVE-2022-29670 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | |||||
| CVE-2022-29669 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | |||||
| CVE-2022-29667 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. | |||||
| CVE-2022-29666 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | |||||
| CVE-2022-29665 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | |||||
| CVE-2022-29664 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | |||||
| CVE-2022-29663 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | |||||
| CVE-2022-29662 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | |||||
| CVE-2022-29661 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 6.5 MEDIUM | 7.2 HIGH |
| CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | |||||
| CVE-2022-29660 | 1 Chshcms | 1 Cscms Music Portal System | 2022-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | |||||
| CVE-2022-1825 | 1 Collectiveaccess | 1 Providence | 2022-05-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | |||||
| CVE-2022-1298 | 1 Wpshopmart | 1 Tabs Responsive | 2022-05-28 | 3.5 LOW | 4.8 MEDIUM |
| The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-1268 | 1 Donate Extra Project | 1 Donate Extra | 2022-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting | |||||
