Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-28992 | 1 Online Banquet Booking System Project | 1 Online Banquet Booking System | 2022-05-26 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. |
CVE-2021-41938 | 1 Shopxo | 1 Shopxo | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. |
CVE-2022-0873 | 1 Codeasily | 1 Gmedia Gallery | 2022-05-26 | 3.5 LOW | 4.8 MEDIUM | The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed. |
CVE-2022-29304 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. |
CVE-2022-28962 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. |
CVE-2022-29652 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 4.3 MEDIUM | 6.1 MEDIUM | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. |
CVE-2022-28921 | 1 Blogengine | 1 Blogengine.net | 2022-05-26 | 4.3 MEDIUM | 6.5 MEDIUM | A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. |
CVE-2022-29445 | 1 Wow-estore | 1 Popup Box | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. |
CVE-2022-28924 | 1 Universis | 1 Universis-students | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM | An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. |
CVE-2022-28961 | 1 Spip | 1 Spip | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH | Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. |
CVE-2022-28960 | 1 Spip | 1 Spip | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH | A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. |
CVE-2022-28959 | 1 Spip | 1 Spip | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML. |
CVE-2022-1110 | 1 Lenovo | 1 Smart Standby Driver | 2022-05-25 | 4.9 MEDIUM | 5.5 MEDIUM | A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. |
CVE-2021-42852 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2022-05-25 | 7.7 HIGH | 8.0 HIGH | A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. |
CVE-2022-30946 | 1 Jenkins | 1 Script Security | 2022-05-25 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver. |
CVE-2022-1795 | 1 Gpac | 1 Gpac | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL | Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. |
CVE-2021-27548 | 1 Xpdfreader | 1 Xpdf | 2022-05-25 | 4.3 MEDIUM | 5.5 MEDIUM | There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. |
CVE-2022-1782 | 1 Erudika | 1 Para | 2022-05-25 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11. |
CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-05-25 | 5.0 MEDIUM | 7.5 HIGH | An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access the folders folder_view.php and category_view.php. |
CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2022-05-25 | 7.5 HIGH | 9.8 CRITICAL | An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. |