The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2022-30781 | Gitea before 1.6.7 does not escape git fetch remote. | -- | May 16, 2022 |
| CVE-2022-30779 | Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\\Cookie\\FileCookieJar.php. | -- | May 16, 2022 |
| CVE-2022-30778 | Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\\Broadcasting\\PendingBroadcast.php and dispatch($command) in Illuminate\\Bus\\QueueingDispatcher.php. | -- | May 16, 2022 |
| CVE-2022-30775 | xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. | -- | May 16, 2022 |
| CVE-2022-30770 | Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions. | -- | May 16, 2022 |
| CVE-2022-30767 | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | LOW | May 16, 2022 |
| CVE-2022-30765 | Calibre-Web before 0.6.18 allows user table SQL Injection. | -- | May 16, 2022 |
| CVE-2022-30763 | Janet before 1.22.0 mishandles arrays. | -- | May 16, 2022 |
| CVE-2022-30708 | Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | -- | May 15, 2022 |
| CVE-2022-30049 | A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. | -- | May 15, 2022 |
| CVE-2022-28937 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients\' requests. | -- | May 15, 2022 |
| CVE-2022-28936 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet. | -- | May 15, 2022 |
| CVE-2022-28930 | ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.. | -- | May 15, 2022 |
| CVE-2022-28929 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | -- | May 15, 2022 |
| CVE-2021-41965 | A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | -- | May 15, 2022 |
| CVE-2022-24831 | OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade. | -- | May 14, 2022 |
| CVE-2022-24830 | OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade. | -- | May 14, 2022 |
| CVE-2022-1679 | kernel: Use-After-Free in ath9k_htc_probe_device() could cause an escalation of privileges | -- | May 14, 2022 |
| CVE-2022-1655 | OpenStack: Horizon session cookies are not flagged HttpOnly | -- | May 14, 2022 |
| CVE-2022-1379 | URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers. | -- | May 14, 2022 |
| CVE-2022-0171 | kernel: KVM: cache incoherence issue in SEV API may lead to kernel crash | -- | May 14, 2022 |
| CVE-2022-30489 | WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | -- | May 13, 2022 |
| CVE-2022-30417 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. | -- | May 13, 2022 |
| CVE-2022-30415 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. | -- | May 13, 2022 |
| CVE-2022-30414 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. | -- | May 13, 2022 |
| CVE-2022-30413 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. | -- | May 13, 2022 |
| CVE-2022-30412 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. | -- | May 13, 2022 |
| CVE-2022-30411 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. | -- | May 13, 2022 |
| CVE-2022-30408 | Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | -- | May 13, 2022 |
| CVE-2022-30407 | Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. | -- | May 13, 2022 |
| CVE-2022-30404 | College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. | -- | May 13, 2022 |
| CVE-2022-30403 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. | -- | May 13, 2022 |
| CVE-2022-30402 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. | -- | May 13, 2022 |
| CVE-2022-30401 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. | -- | May 13, 2022 |
| CVE-2022-30400 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. | -- | May 13, 2022 |
| CVE-2022-30399 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. | -- | May 13, 2022 |
| CVE-2022-30398 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. | -- | May 13, 2022 |
| CVE-2022-30396 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. | -- | May 13, 2022 |
| CVE-2022-30395 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. | -- | May 13, 2022 |
| CVE-2022-30393 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. | -- | May 13, 2022 |
| CVE-2022-30392 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | -- | May 13, 2022 |
| CVE-2022-30391 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | -- | May 13, 2022 |
| CVE-2022-30387 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | -- | May 13, 2022 |
| CVE-2022-30386 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | -- | May 13, 2022 |
| CVE-2022-30385 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | -- | May 13, 2022 |
| CVE-2022-30384 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | -- | May 13, 2022 |
| CVE-2022-30381 | Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | -- | May 13, 2022 |
| CVE-2022-30379 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. | -- | May 13, 2022 |
| CVE-2022-30378 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. | -- | May 13, 2022 |
| CVE-2022-30376 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. | -- | May 13, 2022 |
