Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1430 1 Octoprint 1 Octoprint 2022-05-25 5.1 MEDIUM 7.5 HIGH
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
CVE-2020-9973 1 Apple 3 Ipados, Iphone Os, Mac Os X 2022-05-25 9.3 HIGH 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
CVE-2021-42943 1 Ipplan Project 1 Ipplan 2022-05-25 3.5 LOW 5.4 MEDIUM
Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
CVE-2022-23706 1 Hp 1 Oneview 2022-05-25 4.3 MEDIUM 6.1 MEDIUM
A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2020-3937 1 Sysjust 1 Syuan-gu-da-shin 2022-05-25 5.0 MEDIUM 7.5 HIGH
SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database.
CVE-2020-3927 2 Changingtec, Microsoft 2 Servisign, Windows 2022-05-25 8.5 HIGH 7.5 HIGH
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
CVE-2022-28190 1 Nvidia 1 Gpu Display Driver 2022-05-25 2.1 LOW 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service.
CVE-2022-28189 1 Nvidia 1 Gpu Display Driver 2022-05-25 2.1 LOW 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash.
CVE-2022-30045 1 Ezxml Project 1 Ezxml 2022-05-25 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.
CVE-2022-28617 1 Hp 1 Oneview 2022-05-25 7.5 HIGH 9.8 CRITICAL
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
CVE-2022-29436 1 Code Snippets Extended Project 1 Code Snippets Extended 2022-05-25 4.3 MEDIUM 6.1 MEDIUM
Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code).
CVE-2022-29435 1 Code Snippets Extended Project 1 Code Snippets Extended 2022-05-25 5.8 MEDIUM 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets.
CVE-2022-30688 2 Debian, Needrestart Project 2 Debian Linux, Needrestart 2022-05-25 4.6 MEDIUM 7.8 HIGH
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.
CVE-2022-30054 1 Covid 19 Travel Pass Management Project 1 Covid 19 Travel Pass Management 2022-05-25 7.5 HIGH 9.8 CRITICAL
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.
CVE-2022-30053 1 Toll Tax Management System Project 1 Toll Tax Management System 2022-05-25 7.5 HIGH 9.8 CRITICAL
In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.
CVE-2022-30052 1 Home Clean Service System Project 1 Home Clean Service System 2022-05-25 7.5 HIGH 9.8 CRITICAL
In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.
CVE-2021-26400 1 Amd 1 Cpu 2022-05-25 2.1 LOW 4.0 MEDIUM
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
CVE-2022-1753 1 Wowonder 1 Wowonder 2022-05-25 4.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.
CVE-2021-26364 1 Amd 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more 2022-05-25 4.9 MEDIUM 5.5 MEDIUM
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
CVE-2021-26372 1 Amd 88 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 85 more 2022-05-25 4.9 MEDIUM 5.5 MEDIUM
Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.