Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30837 | 1 Toll Tax Management System Project | 1 Toll Tax Management System | 2022-05-29 | 3.5 LOW | 5.4 MEDIUM |
Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. | |||||
CVE-2022-29305 | 1 Imgurl Project | 1 Imgurl | 2022-05-29 | 6.8 MEDIUM | 8.1 HIGH |
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | |||||
CVE-2022-30015 | 1 Simple Food Website Project | 1 Simple Food Website | 2022-05-29 | 3.5 LOW | 5.4 MEDIUM |
In Simple Food Website 1.0, a moderator can put a Cross Site Scripting payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php, like Full Username, etc. This causes stored XSS. | |||||
CVE-2022-31489 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-05-29 | 5.0 MEDIUM | 7.5 HIGH |
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | |||||
CVE-2022-31488 | 1 Inoutscripts | 1 Blockchain Altexchanger | 2022-05-29 | 5.0 MEDIUM | 7.5 HIGH |
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | |||||
CVE-2022-31487 | 1 Inoutscripts | 2 Blockchain Altexchanger, Blockchain Fiatexchanger | 2022-05-29 | 5.0 MEDIUM | 7.5 HIGH |
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. | |||||
CVE-2022-30017 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-05-29 | 3.5 LOW | 5.4 MEDIUM |
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. | |||||
CVE-2022-30016 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-05-29 | 6.5 MEDIUM | 8.8 HIGH |
Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. | |||||
CVE-2022-30014 | 1 Simple Food Website Project | 1 Simple Food Website | 2022-05-29 | 6.8 MEDIUM | 8.8 HIGH |
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to take over an admin/moderator account. | |||||
CVE-2022-29005 | 1 Online Birth Certificate System Project | 1 Online Birth Certificate System | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. | |||||
CVE-2022-29004 | 1 E-diary Management System Project | 1 E-diary Management System | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | |||||
CVE-2022-1810 | 1 Publify Project | 1 Publify | 2022-05-29 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper Access Control in GitHub repository publify/publify prior to 9.2.9. | |||||
CVE-2021-42586 | 1 Gnu | 1 Libredwg | 2022-05-29 | 6.8 MEDIUM | 8.8 HIGH |
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | |||||
CVE-2021-42585 | 1 Gnu | 1 Libredwg | 2022-05-29 | 6.8 MEDIUM | 8.8 HIGH |
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | |||||
CVE-2022-1558 | 1 Curtain Project | 1 Curtain | 2022-05-29 | 3.5 LOW | 4.8 MEDIUM |
The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | |||||
CVE-2022-1547 | 1 Wpchill | 1 Check & Log Email | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
CVE-2022-1320 | 1 10web | 1 Sliderby10web | 2022-05-29 | 3.5 LOW | 4.8 MEDIUM |
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
CVE-2022-1014 | 1 Wp Contacts Manager Project | 1 Wp Contacts Manager | 2022-05-29 | 7.5 HIGH | 9.8 CRITICAL |
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | |||||
CVE-2022-0346 | 1 Xmlsitemapgenerator | 1 Xml Sitemap Generator | 2022-05-29 | 4.3 MEDIUM | 6.1 MEDIUM |
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | |||||
CVE-2022-1813 | 1 Rengine Project | 1 Rengine | 2022-05-29 | 7.5 HIGH | 9.8 CRITICAL |
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. |