# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-30782 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. |
2 | CVE-2022-30781 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Gitea before 1.16.7 does not escape git fetch remote. |
3 | CVE-2022-30779 | | | Exec Code | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php. |
4 | CVE-2022-30778 | | | Exec Code | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php. |
5 | CVE-2022-30777 | | | XSS | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Parallels H-Sphere 3.6.2 allows XSS via the index_en.php from parameter. |
6 | CVE-2022-30776 | | | XSS | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. |
7 | CVE-2022-30775 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. |
8 | CVE-2022-30770 | | | XSS | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions. |
9 | CVE-2022-30767 | | | Overflow | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. |
10 | CVE-2022-30765 | | | Sql | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Calibre-Web before 0.6.18 allows user table SQL Injection. |
11 | CVE-2022-30763 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Janet before 1.22.0 mishandles arrays. |
12 | CVE-2022-30708 | | | Exec Code | 2022-05-15 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. |
13 | CVE-2022-30697 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 |
14 | CVE-2022-30696 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 |
15 | CVE-2022-30695 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 |
16 | CVE-2022-30594 | | | Bypass | 2022-05-12 | 2022-05-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. |
17 | CVE-2022-30592 | | | | 2022-05-11 | 2022-05-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. |
18 | CVE-2022-30557 | | | | 2022-05-11 | 2022-05-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. |
19 | CVE-2022-30525 | | | Exec Code | 2022-05-12 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. |
20 | CVE-2022-30524 | | | DoS | 2022-05-09 | 2022-05-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. |
21 | CVE-2022-30523 | | | | 2022-05-16 | 2022-05-16 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. |
22 | CVE-2022-30489 | | | XSS | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. |
23 | CVE-2022-30453 | | | | 2022-05-11 | 2022-05-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
ShopWind <= 3.4.2 has an RCE vulnerability in Database.php |
24 | CVE-2022-30452 | | | Sql | 2022-05-11 | 2022-05-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
ShopWind <= v3.4.2 has a SQL injection vulnerability in Database.php |
25 | CVE-2022-30451 | | | Exec Code | 2022-05-11 | 2022-05-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. |
26 | CVE-2022-30450 | | | Exec Code | 2022-05-11 | 2022-05-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php |
27 | CVE-2022-30449 | | | Sql | 2022-05-11 | 2022-05-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. |
28 | CVE-2022-30448 | | | | 2022-05-11 | 2022-05-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. |
29 | CVE-2022-30417 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. |
30 | CVE-2022-30415 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. |
31 | CVE-2022-30414 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. |
32 | CVE-2022-30413 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. |
33 | CVE-2022-30412 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. |
34 | CVE-2022-30411 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. |
35 | CVE-2022-30408 | | | | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. |
36 | CVE-2022-30407 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. |
37 | CVE-2022-30404 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. |
38 | CVE-2022-30403 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. |
39 | CVE-2022-30402 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. |
40 | CVE-2022-30401 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. |
41 | CVE-2022-30400 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. |
42 | CVE-2022-30399 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. |
43 | CVE-2022-30398 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. |
44 | CVE-2022-30396 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. |
45 | CVE-2022-30395 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. |
46 | CVE-2022-30393 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. |
47 | CVE-2022-30392 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. |
48 | CVE-2022-30391 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. |
49 | CVE-2022-30387 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. |
50 | CVE-2022-30386 | | | Sql | 2022-05-13 | 2022-05-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. |