The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-27780 | The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | MEDIUM | May 27, 2022 |
| CVE-2022-31624 | MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock. | LOW | May 28, 2022 |
| CVE-2022-31623 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. | LOW | May 28, 2022 |
| CVE-2022-31622 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. | LOW | May 28, 2022 |
| CVE-2022-31621 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. | LOW | May 28, 2022 |
| CVE-2022-30843 | Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. | MEDIUM | May 28, 2022 |
| CVE-2022-30842 | Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | LOW | May 28, 2022 |
| CVE-2022-30839 | Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | MEDIUM | May 28, 2022 |
| CVE-2022-30464 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | LOW | May 28, 2022 |
| CVE-2022-30463 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | MEDIUM | May 28, 2022 |
| CVE-2022-30462 | Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. | LOW | May 28, 2022 |
| CVE-2022-30461 | Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id | HIGH | May 28, 2022 |
| CVE-2022-30460 | Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. | LOW | May 28, 2022 |
| CVE-2022-30459 | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | MEDIUM | May 28, 2022 |
| CVE-2022-30458 | Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | LOW | May 28, 2022 |
| CVE-2022-30456 | Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | LOW | May 28, 2022 |
| CVE-2022-30455 | Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | HIGH | May 28, 2022 |
| CVE-2022-30454 | Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | HIGH | May 28, 2022 |
| CVE-2022-29689 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | MEDIUM | May 28, 2022 |
| CVE-2022-29688 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | MEDIUM | May 28, 2022 |
| CVE-2022-29687 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | MEDIUM | May 28, 2022 |
| CVE-2022-29686 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | MEDIUM | May 28, 2022 |
| CVE-2022-29685 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | MEDIUM | May 28, 2022 |
| CVE-2022-29684 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | MEDIUM | May 28, 2022 |
| CVE-2022-29683 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | MEDIUM | May 28, 2022 |
| CVE-2022-29682 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | MEDIUM | May 28, 2022 |
| CVE-2022-29681 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | MEDIUM | May 28, 2022 |
| CVE-2022-29680 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | MEDIUM | May 28, 2022 |
| CVE-2022-29676 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | MEDIUM | May 28, 2022 |
| CVE-2022-29670 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | MEDIUM | May 28, 2022 |
| CVE-2022-29669 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | MEDIUM | May 28, 2022 |
| CVE-2022-29667 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. | MEDIUM | May 28, 2022 |
| CVE-2022-29666 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | MEDIUM | May 28, 2022 |
| CVE-2022-29665 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | MEDIUM | May 28, 2022 |
| CVE-2022-29664 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | MEDIUM | May 28, 2022 |
| CVE-2022-29663 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | MEDIUM | May 28, 2022 |
| CVE-2022-29662 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | MEDIUM | May 28, 2022 |
| CVE-2022-29661 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | MEDIUM | May 28, 2022 |
| CVE-2022-29660 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | HIGH | May 28, 2022 |
| CVE-2022-1825 | Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | LOW | May 28, 2022 |
| CVE-2022-1298 | The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | LOW | May 28, 2022 |
| CVE-2022-1268 | The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting | MEDIUM | May 28, 2022 |
| CVE-2022-1221 | The Gwyn\'s Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. | MEDIUM | May 28, 2022 |
| CVE-2022-1218 | The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | MEDIUM | May 28, 2022 |
| CVE-2022-1192 | The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | MEDIUM | May 28, 2022 |
| CVE-2022-1093 | The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed. | LOW | May 28, 2022 |
| CVE-2022-0781 | The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection | HIGH | May 28, 2022 |
| CVE-2022-1928 | Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. | LOW | May 29, 2022 |
| CVE-2022-1927 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | HIGH | May 29, 2022 |
| CVE-2022-26719 | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | -- | May 31, 2022 |
