The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-44142 | Samba: This vulnerability allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. | -- | Feb 1, 2022 | n/a |
| CVE-2022-30781 | Gitea before 1.6.7 does not escape git fetch remote. | -- | May 16, 2022 | n/a |
| CVE-2022-30779 | Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\\Cookie\\FileCookieJar.php. | -- | May 16, 2022 | n/a |
| CVE-2022-30778 | Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\\Broadcasting\\PendingBroadcast.php and dispatch($command) in Illuminate\\Bus\\QueueingDispatcher.php. | -- | May 16, 2022 | n/a |
| CVE-2022-30775 | xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. | -- | May 16, 2022 | n/a |
| CVE-2022-30770 | Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions. | -- | May 16, 2022 | n/a |
| CVE-2022-30767 | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | LOW | May 16, 2022 | n/a |
| CVE-2022-30765 | Calibre-Web before 0.6.18 allows user table SQL Injection. | -- | May 16, 2022 | n/a |
| CVE-2022-30763 | Janet before 1.22.0 mishandles arrays. | -- | May 16, 2022 | n/a |
| CVE-2022-30708 | Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | -- | May 15, 2022 | n/a |
| CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | -- | May 12, 2022 | n/a |
| CVE-2022-30592 | liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. | -- | May 12, 2022 | n/a |
| CVE-2022-30557 | Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. | -- | May 12, 2022 | n/a |
| CVE-2022-30525 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | -- | May 12, 2022 | n/a |
| CVE-2022-30524 | There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | -- | May 9, 2022 | n/a |
| CVE-2022-30489 | WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. | -- | May 13, 2022 | n/a |
| CVE-2022-30453 | ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | -- | May 11, 2022 | n/a |
| CVE-2022-30452 | ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php | -- | May 11, 2022 | n/a |
| CVE-2022-30451 | An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. | -- | May 12, 2022 | n/a |
| CVE-2022-30450 | A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php | -- | May 12, 2022 | n/a |
| CVE-2022-30449 | Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. | -- | May 12, 2022 | n/a |
| CVE-2022-30448 | Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. | -- | May 12, 2022 | n/a |
| CVE-2022-30417 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30415 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30414 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30413 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. | -- | May 13, 2022 | n/a |
| CVE-2022-30412 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30411 | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30408 | Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | -- | May 13, 2022 | n/a |
| CVE-2022-30407 | Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30404 | College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30403 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. | -- | May 13, 2022 | n/a |
| CVE-2022-30402 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30401 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30400 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30399 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30398 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30396 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30395 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. | -- | May 13, 2022 | n/a |
| CVE-2022-30393 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30392 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. | -- | May 13, 2022 | n/a |
| CVE-2022-30391 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. | -- | May 13, 2022 | n/a |
| CVE-2022-30387 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. | -- | May 13, 2022 | n/a |
| CVE-2022-30386 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. | -- | May 13, 2022 | n/a |
| CVE-2022-30385 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. | -- | May 13, 2022 | n/a |
| CVE-2022-30384 | Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. | -- | May 13, 2022 | n/a |
| CVE-2022-30381 | Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | -- | May 13, 2022 | n/a |
| CVE-2022-30379 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30378 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. | -- | May 13, 2022 | n/a |
| CVE-2022-30376 | Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. | -- | May 13, 2022 | n/a |
