Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23742 | 2 Checkpoint, Microsoft | 2 Endpoint Security, Windows | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. | |||||
| CVE-2022-30413 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. | |||||
| CVE-2022-30412 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. | |||||
| CVE-2022-30411 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. | |||||
| CVE-2022-30414 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. | |||||
| CVE-2021-40399 | 1 Wps | 1 Wps Office | 2022-05-23 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | |||||
| CVE-2021-42969 | 1 Anaconda | 1 Anaconda3 | 2022-05-23 | 9.3 HIGH | 8.8 HIGH |
| Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed. | |||||
| CVE-2022-21128 | 1 Intel | 1 Advisor | 2022-05-23 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-21131 | 1 Intel | 292 Core I9-7900x, Core I9-7900x Firmware, Core I9-7920x and 289 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-29433 | 1 Donations Project | 1 Donations | 2022-05-23 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. | |||||
| CVE-2022-21136 | 1 Intel | 292 Core I9-7900x, Core I9-7900x Firmware, Core I9-7920x and 289 more | 2022-05-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-30417 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-30415 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. | |||||
| CVE-2022-22798 | 1 Sysaid | 1 Sysaid | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system. | |||||
| CVE-2022-21147 | 1 Estsoft | 1 Alyac | 2022-05-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-25591 | 1 Blogengine | 1 Blogengine.net | 2022-05-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request. | |||||
| CVE-2022-21182 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-46786 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||||
| CVE-2021-46787 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash. | |||||
| CVE-2021-46788 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. | |||||