Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28946 | 1 Openpolicyagent | 1 Open Policy Agent | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. | |||||
CVE-2022-29424 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2022-05-26 | 3.5 LOW | 4.8 MEDIUM |
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. | |||||
CVE-2022-29448 | 1 Wow-estore | 1 Herd Effects | 2022-05-26 | 4.0 MEDIUM | 4.9 MEDIUM |
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. | |||||
CVE-2022-29425 | 1 Wpwham | 1 Checkout Files Upload For Woocommerce | 2022-05-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. | |||||
CVE-2022-28985 | 1 Orangehrm | 1 Orangehrm | 2022-05-26 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
CVE-2022-1806 | 1 Rtx Project | 1 Rtx | 2022-05-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. | |||||
CVE-2022-30033 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status() in the httpd module. | |||||
CVE-2022-28917 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. | |||||
CVE-2022-29644 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. | |||||
CVE-2022-29643 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
CVE-2022-28183 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2022-05-26 | 3.6 LOW | 7.1 HIGH |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. | |||||
CVE-2022-28182 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 6.8 MEDIUM | 8.5 HIGH |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution to cause denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | |||||
CVE-2022-29642 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
CVE-2022-28181 | 3 Linux, Microsoft, Nvidia | 4 Linux Kernel, Windows, Gpu Display Driver and 1 more | 2022-05-26 | 6.9 MEDIUM | 8.5 HIGH |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | |||||
CVE-2022-29641 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
CVE-2022-29640 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
CVE-2019-25061 | 1 Random Password Generator Project | 1 Random Password Generator | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction. | |||||
CVE-2021-41946 | 1 Fiberhome | 2 Hg150-ub, Hg150-ub Firmware | 2022-05-26 | 3.5 LOW | 5.4 MEDIUM |
FiberHome VDSL2 Modem HG150-Ub_V3.0 contains a stored cross-site scripting (XSS) vulnerability in the Parental Control --> Access Time Restriction --> Username field; a user cannot delete the rule due to the XSS. | |||||
CVE-2022-28186 | 2 Microsoft, Nvidia | 3 Windows, Gpu Display Driver, Virtual Gpu | 2022-05-26 | 3.6 LOW | 6.1 MEDIUM |
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly, which may lead to denial of service or data tampering. | |||||
CVE-2022-26633 | 1 Simple Student Quarterly Result/grade System Project | 1 Simple Student Quarterly Result/grade System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. |