Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27470 | 2 Fedoraproject, Libsdl | 2 Fedora, Sdl Ttf | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. | |||||
CVE-2022-1530 | 1 Livehelperchat | 1 Live Helper Chat | 2022-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. The attacker can execute malicious JavaScript on the application. | |||||
CVE-2022-28117 | 1 Naviwebs | 1 Navigate Cms | 2022-05-12 | 4.0 MEDIUM | 4.9 MEDIUM |
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | |||||
CVE-2022-22521 | 1 Miele | 1 Benchmark Programming Tool | 2022-05-12 | 6.9 MEDIUM | 7.3 HIGH |
In Miele Benchmark Programming Tool versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with the user's privileges. An attacker with low privileges may trick a user with administrative privileges into executing these binaries as admin. | |||||
CVE-2022-22518 | 1 Codesys | 10 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a/imx6 Sl and 7 more | 2022-05-12 | 6.4 MEDIUM | 6.5 MEDIUM |
A bug in the CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components that are part of the applied security policy. | |||||
CVE-2021-42242 | 1 Jflyfox | 1 Jfinal Cms | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. | |||||
CVE-2022-22515 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a/imx6 Sl and 15 more | 2022-05-12 | 4.9 MEDIUM | 8.1 HIGH |
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | |||||
CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | |||||
CVE-2022-24707 | 1 Anuko | 1 Time Tracker | 2022-05-12 | 6.5 MEDIUM | 8.8 HIGH |
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in the Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for the Time Tracker database. This issue has been resolved in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input. | |||||
CVE-2022-20699 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-26546 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-12 | 6.4 MEDIUM | 9.1 CRITICAL |
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. | |||||
CVE-2022-26244 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-05-12 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "special" field. | |||||
CVE-2022-25493 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | |||||
CVE-2022-25492 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | |||||
CVE-2022-25491 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-12 | 7.5 HIGH | 7.5 HIGH |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. | |||||
CVE-2022-25490 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | |||||
CVE-2022-25004 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. | |||||
CVE-2022-22853 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-05-12 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Name field. | |||||
CVE-2022-28079 | 1 College Management System Project | 1 College Management System | 2022-05-12 | 6.5 MEDIUM | 8.8 HIGH |
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. | |||||
CVE-2022-28080 | 1 Event Management System Project | 1 Event Management System | 2022-05-12 | 6.5 MEDIUM | 8.8 HIGH |
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. |