The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-29624 | An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29627 | An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29628 | A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. | LOW | Jun 2, 2022 | n/a |
| CVE-2022-29631 | Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. | MEDIUM | Jun 7, 2022 | n/a |
| CVE-2022-29632 | An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. | HIGH | May 27, 2022 | n/a |
| CVE-2022-29633 | An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. | HIGH | May 27, 2022 | n/a |
| CVE-2022-29637 | An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. | MEDIUM | May 27, 2022 | n/a |
| CVE-2022-29638 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29639 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29640 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29641 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29642 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29643 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29644 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29645 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. | HIGH | May 18, 2022 | n/a |
| CVE-2022-29646 | An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | MEDIUM | May 18, 2022 | n/a |
| CVE-2022-29647 | An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29648 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | LOW | Jun 2, 2022 | n/a |
| CVE-2022-29649 | Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. | -- | Sep 18, 2022 | n/a |
| CVE-2022-29650 | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | HIGH | May 25, 2022 | n/a |
| CVE-2022-29651 | An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | May 25, 2022 | n/a |
| CVE-2022-29652 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=save_client. | MEDIUM | May 20, 2022 | n/a |
| CVE-2022-29653 | OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29654 | Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. | -- | Aug 22, 2023 | n/a |
| CVE-2022-29655 | An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | MEDIUM | May 11, 2022 | n/a |
| CVE-2022-29656 | Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. | HIGH | May 11, 2022 | n/a |
| CVE-2022-29659 | Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | HIGH | Jun 2, 2022 | n/a |
| CVE-2022-29660 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | HIGH | May 28, 2022 | n/a |
| CVE-2022-29661 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29662 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29663 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29664 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29665 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29666 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29667 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29669 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29670 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29676 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29680 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29681 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29682 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29683 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29684 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29685 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29686 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29687 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29688 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29689 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | MEDIUM | May 28, 2022 | n/a |
| CVE-2022-29692 | Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. | MEDIUM | Jun 2, 2022 | n/a |
| CVE-2022-29693 | Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | MEDIUM | Jun 2, 2022 | n/a |
