ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-28000 | Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/bookin... | E | |
CVE-2022-28001 | Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page... | E | |
CVE-2022-28002 | Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability... | E | |
CVE-2022-28005 | An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINA... | | |
CVE-2022-28006 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28007 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28008 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28009 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28010 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28011 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28012 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28013 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28014 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28015 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28016 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28017 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28018 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28019 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28020 | Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the c... | E | |
CVE-2022-28021 | Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulner... | E | |
CVE-2022-28022 | Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /p... | E | |
CVE-2022-28023 | Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /p... | E | |
CVE-2022-28024 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-gra... | E | |
CVE-2022-28025 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-gra... | E | |
CVE-2022-28026 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-gra... | E | |
CVE-2022-28028 | Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /r... | E | |
CVE-2022-28029 | Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /r... | E | |
CVE-2022-28030 | Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /r... | E | |
CVE-2022-28032 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php... | E | |
CVE-2022-28033 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php... | E | |
CVE-2022-28034 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_list-sort.php... | E | |
CVE-2022-28035 | Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php... | E | |
CVE-2022-28036 | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php... | E | |
CVE-2022-28041 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_b... | E S | |
CVE-2022-28042 | stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg... | E S | |
CVE-2022-28044 | lrzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise... | E S | |
CVE-2022-28048 | STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_dec... | E S | |
CVE-2022-28049 | NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_ar... | E S | |
CVE-2022-28051 | The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5... | E S | |
CVE-2022-28052 | Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function stor... | E | |
CVE-2022-28053 | Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload func... | E | |
CVE-2022-28054 | Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows... | | |
CVE-2022-28055 | Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs func... | S | |
CVE-2022-28056 | ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add func... | E | |
CVE-2022-28058 | Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_c... | E | |
CVE-2022-28059 | Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\databa... | E | |
CVE-2022-28060 | SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.... | E | |
CVE-2022-28062 | Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component whi... | E | |
CVE-2022-28063 | Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products.... | E | |
CVE-2022-28066 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26280. Reason: This candidat... | R | |
CVE-2022-28067 | An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial o... | | |
CVE-2022-28068 | A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.... | S | |
CVE-2022-28069 | A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.... | S | |
CVE-2022-28070 | A null pointer dereference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.... | S | |
CVE-2022-28071 | A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.... | S | |
CVE-2022-28072 | A heap buffer overflow in r_read_le32 function in radare2 5.4.2 and 5.4.0.... | S | |
CVE-2022-28073 | A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.... | S | |
CVE-2022-28074 | Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\in... | | |
CVE-2022-28076 | Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail S... | E | |
CVE-2022-28077 | Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS... | | |
CVE-2022-28078 | Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS... | | |
CVE-2022-28079 | College Management System v1.0 was discovered to contain a SQL injection vulnerability via the cours... | E | |
CVE-2022-28080 | Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the t... | E | |
CVE-2022-28081 | A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allo... | | |
CVE-2022-28082 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /gof... | E | |
CVE-2022-28085 | A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names i... | E S | |
CVE-2022-28090 | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/coll... | E | |
CVE-2022-28093 | SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vu... | E | |
CVE-2022-28094 | SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (X... | E | |
CVE-2022-28096 | Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp... | E | |
CVE-2022-28099 | Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-28101 | Turtlapp Turtle Note v0.7.2.6 does not filter the tag during markdown parsing, allowing attac... | E | |
CVE-2022-28102 | A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to... | E | |
CVE-2022-28104 | Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.... | E | |
CVE-2022-28105 | Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerabil... | E | |
CVE-2022-28106 | Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accoun... | E | |
CVE-2022-28108 | Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as applic... | E | |
CVE-2022-28109 | Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: ... | E M | |
CVE-2022-28110 | Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the usernam... | | |
CVE-2022-28111 | MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind ... | E | |
CVE-2022-28113 | An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files ... | E | |
CVE-2022-28114 | DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.ph... | E | |
CVE-2022-28115 | Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-28116 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parame... | E | |
CVE-2022-28117 | A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attac... | E | |
CVE-2022-28118 | SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.... | E | |
CVE-2022-28120 | Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management p... | | |
CVE-2022-28126 | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2... | | |
CVE-2022-28127 | A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel ... | E | |
CVE-2022-28128 | Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gai... | | |
CVE-2022-28129 | Insufficient Validation of HTTP/1.x Headers | | |
CVE-2022-28131 | Stack exhaustion from deeply nested XML documents in encoding/xml | | |
CVE-2022-28132 | The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenti... | | |
CVE-2022-28133 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callbac... | | |
CVE-2022-28134 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in ... | | |
CVE-2022-28135 | Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in th... | | |
CVE-2022-28136 | A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v8179... | | |
CVE-2022-28137 | A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier al... | | |
CVE-2022-28138 | A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and e... | | |
CVE-2022-28139 | A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers... | | |
CVE-2022-28140 | Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML... | | |
CVE-2022-28141 | Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter password unencrypted in the g... | | |
CVE-2022-28142 | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Je... | | |
CVE-2022-28143 | A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows... | | |
CVE-2022-28144 | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoin... | | |
CVE-2022-28145 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security... | | |
CVE-2022-28146 | Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Conf... | | |
CVE-2022-28147 | A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier a... | | |
CVE-2022-28148 | The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpr... | | |
CVE-2022-28149 | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary ... | | |
CVE-2022-28150 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 an... | | |
CVE-2022-28151 | A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attack... | | |
CVE-2022-28152 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 an... | | |
CVE-2022-28153 | Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sites to monitor in tooltips, res... | | |
CVE-2022-28154 | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser ... | | |
CVE-2022-28155 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to preve... | | |
CVE-2022-28156 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permi... | | |
CVE-2022-28157 | Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permi... | | |
CVE-2022-28158 | A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attac... | | |
CVE-2022-28159 | Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Properties File Path option for ... | | |
CVE-2022-28160 | Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read ... | | |
CVE-2022-28161 | An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SAN... | | |
CVE-2022-28162 | Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.... | | |
CVE-2022-28163 | In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management ar... | | |
CVE-2022-28164 | Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for ... | | |
CVE-2022-28165 | A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2... | | |
CVE-2022-28166 | In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation o... | | |
CVE-2022-28167 | Brocade SANnav before Brocade SANnav v. 2.2.0.2 and Brocade SANnav v.2.1.1.8 logs the Brocade Fabric... | | |
CVE-2022-28168 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passw... | | |
CVE-2022-28169 | Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, an... | | |
CVE-2022-28170 | Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j s... | | |
CVE-2022-28171 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vul... | E S | |
CVE-2022-28172 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vul... | S | |
CVE-2022-28173 | The web server of some Hikvision wireless bridge products has an access control vulnerability which... | S | |
CVE-2022-28181 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, w... | S | |
CVE-2022-28182 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nv... | S | |
CVE-2022-28183 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, w... | S | |
CVE-2022-28184 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (n... | S | |
CVE-2022-28185 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an ... | S | |
CVE-2022-28186 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-28187 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-28188 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-28189 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-28190 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-28191 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontro... | S | |
CVE-2022-28192 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may l... | S | |
CVE-2022-28193 | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where... | | |
CVE-2022-28194 | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where... | | |
CVE-2022-28195 | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, wh... | | |
CVE-2022-28196 | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, w... | | |
CVE-2022-28197 | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where ... | | |
CVE-2022-28198 | NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an... | | |
CVE-2022-28199 | NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the ... | | |
CVE-2022-28200 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevat... | | |
CVE-2022-28201 | An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. ... | E S | |
CVE-2022-28202 | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37... | S | |
CVE-2022-28203 | A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.... | E S | |
CVE-2022-28204 | A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php... | E S | |
CVE-2022-28205 | An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issu... | E S | |
CVE-2022-28206 | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter ext... | E S | |
CVE-2022-28209 | An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof permission... | S | |
CVE-2022-28213 | When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version... | E | |
CVE-2022-28214 | During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, ... | | |
CVE-2022-28215 | SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated atta... | | |
CVE-2022-28216 | SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a... | | |
CVE-2022-28217 | Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document acc... | | |
CVE-2022-28218 | An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could ... | | |
CVE-2022-28219 | Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack ... | E S | |
CVE-2022-28220 | STARTTLS command injection in Apache JAMES | S | |
CVE-2022-28221 | CleanTalk AntiSpam <= 5.173 Reflected XSS | | |
CVE-2022-28222 | CleanTalk AntiSpam <= 5.173 Reflected XSS | E | |
CVE-2022-28223 | Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to roo... | | |
CVE-2022-28224 | Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature | | |
CVE-2022-28225 | Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low ... | | |
CVE-2022-28226 | Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low ... | | |
CVE-2022-28228 | Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert sta... | | |
CVE-2022-28229 | The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers t... | | |
CVE-2022-28230 | Adobe Acrobat Reader DC AcroForm calculateNow Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28231 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28232 | Adobe Acrobat Reader DC Collab Object Use-After-Free Information Disclosure Vulnerability | | |
CVE-2022-28233 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28234 | Adobe Acrobat Reader DC Heap Overflow Could Lead to RCE | | |
CVE-2022-28235 | Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28236 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28237 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28238 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28239 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-28240 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28241 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-28242 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28243 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-28244 | Adobe Acrobat Reader DC CSP Bypass Leads To Privilege Escalation | | |
CVE-2022-28245 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28246 | Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28247 | Adobe Acrobat Uninstaller Hard Link Leads To Remote Code Execution | | |
CVE-2022-28248 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28249 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28250 | Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability | | |
CVE-2022-28251 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28252 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28253 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28254 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28255 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28256 | Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability | | |
CVE-2022-28257 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28258 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28259 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28260 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28261 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28262 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28263 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28264 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28265 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28266 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28267 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28268 | Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28269 | Adobe Acrobat Reader DC Annotation Use-After-Free Information Disclosure Vulnerability | | |
CVE-2022-28270 | Adobe Photoshop SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28271 | Adobe Photoshop PDF File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28272 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28273 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28274 | Adobe Photoshop Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-28275 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28276 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28277 | Adobe Photoshop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28278 | Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28279 | Adobe Photoshop Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28281 | If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register comm... | E | |
CVE-2022-28282 | By using a link with rel="localization" a use-after-free could have been triggered by d... | E | |
CVE-2022-28283 | The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage t... | E | |
CVE-2022-28284 | SVG's <use> element could have been used to load unexpected content that could ha... | | |
CVE-2022-28285 | When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet... | E | |
CVE-2022-28286 | Due to a layout change, iframe contents could have been rendered outside of its border. This could h... | E | |
CVE-2022-28287 | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, l... | E | |
CVE-2022-28288 | Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla Fuzzing Te... | | |
CVE-2022-28289 | Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mo... | | |
CVE-2022-28290 | Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. Th... | E | |
CVE-2022-28291 | Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve store... | E | |
CVE-2022-28300 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28301 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28302 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28303 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28304 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28305 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28306 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28307 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28308 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-28309 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-28310 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28311 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28312 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-28313 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-28314 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28315 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28316 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28317 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28318 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28319 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28320 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28321 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH ... | S | |
CVE-2022-28323 | An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because ... | | |
CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a p... | | |
CVE-2022-28328 | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-... | S | |
CVE-2022-28329 | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-... | S | |
CVE-2022-28330 | read beyond bounds in mod_isapi | | |
CVE-2022-28331 | Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function | | |
CVE-2022-28339 | Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search p... | | |
CVE-2022-28345 | The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RT... | E S | |
CVE-2022-28346 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QueryS... | S | |
CVE-2022-28347 | A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3... | S | |
CVE-2022-28348 | Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and... | | |
CVE-2022-28349 | Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r... | | |
CVE-2022-28350 | Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p... | | |
CVE-2022-28352 | WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the... | E M | |
CVE-2022-28353 | In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vu... | E | |
CVE-2022-28354 | In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to X... | E | |
CVE-2022-28355 | randomUUID in Scala.js before 1.10.0 generates predictable values.... | S | |
CVE-2022-28356 | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.... | E S | |
CVE-2022-28357 | NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a m... | | |
CVE-2022-28363 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in ... | E | |
CVE-2022-28364 | Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in ... | E | |
CVE-2022-28365 | Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET reques... | E | |
CVE-2022-28366 | Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) ... | | |
CVE-2022-28367 | OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. T... | S | |
CVE-2022-28368 | Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Casc... | E S | |
CVE-2022-28369 | Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within t... | E | |
CVE-2022-28370 | On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade pr... | E | |
CVE-2022-28371 | On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the... | E | |
CVE-2022-28372 | On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the... | E | |
CVE-2022-28373 | Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled param... | E | |
CVE-2022-28374 | Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled para... | E | |
CVE-2022-28375 | Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled para... | E | |
CVE-2022-28376 | Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial... | E | |
CVE-2022-28377 | On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the... | E | |
CVE-2022-28378 | Craft CMS before 3.7.29 allows XSS.... | | |
CVE-2022-28379 | jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.... | E | |
CVE-2022-28380 | The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal ... | S | |
CVE-2022-28381 | Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers... | E | |
CVE-2022-28382 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure... | E | |
CVE-2022-28383 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware ... | E | |
CVE-2022-28384 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, th... | E | |
CVE-2022-28385 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity chec... | E | |
CVE-2022-28386 | An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lock... | E | |
CVE-2022-28387 | An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, th... | E | |
CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a doubl... | S | |
CVE-2022-28389 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a doubl... | S | |
CVE-2022-28390 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double ... | S | |
CVE-2022-28391 | BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print... | E S | |
CVE-2022-28394 | EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below... | | |
CVE-2022-28396 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-28397 | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attacke... | E | |
CVE-2022-28410 | Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /r... | E | |
CVE-2022-28411 | Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /r... | E | |
CVE-2022-28412 | Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-28413 | Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability vi... | E | |
CVE-2022-28414 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-28415 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-28416 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-28417 | Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-28420 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php... | E | |
CVE-2022-28421 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=post... | E | |
CVE-2022-28422 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&a... | E | |
CVE-2022-28423 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&a... | E | |
CVE-2022-28424 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&f... | E | |
CVE-2022-28425 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.ph... | E | |
CVE-2022-28426 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.ph... | E | |
CVE-2022-28427 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&a... | E | |
CVE-2022-28429 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&a... | E | |
CVE-2022-28431 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions... | E | |
CVE-2022-28432 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=site... | E | |
CVE-2022-28433 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&a... | E | |
CVE-2022-28434 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=site... | | |
CVE-2022-28435 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions... | E | |
CVE-2022-28436 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&a... | E | |
CVE-2022-28437 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&a... | E | |
CVE-2022-28438 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&a... | E | |
CVE-2022-28439 | Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&&... | E | |
CVE-2022-28440 | An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a... | E | |
CVE-2022-28443 | UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.... | | |
CVE-2022-28444 | UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.... | E | |
CVE-2022-28445 | KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background man... | E | |
CVE-2022-28448 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inje... | E | |
CVE-2022-28449 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature,... | E | |
CVE-2022-28450 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) whe... | E | |
CVE-2022-28451 | nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance featu... | S | |
CVE-2022-28452 | Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.... | E | |
CVE-2022-28454 | Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2022-28461 | mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.... | E | |
CVE-2022-28462 | novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.... | E | |
CVE-2022-28463 | ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.... | E S | |
CVE-2022-28464 | Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execu... | | |
CVE-2022-28467 | Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapp... | E | |
CVE-2022-28468 | Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the usern... | E | |
CVE-2022-28470 | marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.... | E | |
CVE-2022-28471 | In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vuln... | E | |
CVE-2022-28477 | WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2022-28478 | SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality ins... | E S | |
CVE-2022-28479 | SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin pr... | E S | |
CVE-2022-28480 | ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.... | E | |
CVE-2022-28481 | CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.... | E S | |
CVE-2022-28487 | Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest... | E S | |
CVE-2022-28488 | The function wav_format_write in libwav.c in libwav through 2017-04-20 has a Use of Uninitialized V... | E S | |
CVE-2022-28491 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTP... | E | |
CVE-2022-28492 | TOTOLINK Technology CPE with firmware V6.3c.566 allows remote attackers to bypass Login.... | E | |
CVE-2022-28493 | A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,... | | |
CVE-2022-28494 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerab... | E | |
CVE-2022-28495 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerab... | E | |
CVE-2022-28496 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerabili... | | |
CVE-2022-28497 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerab... | | |
CVE-2022-28505 | Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java.... | E | |
CVE-2022-28506 | There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.... | E | |
CVE-2022-28507 | Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross S... | E | |
CVE-2022-28508 | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output... | E | |
CVE-2022-28512 | A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inje... | E | |
CVE-2022-28521 | ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&... | E | |
CVE-2022-28522 | ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index... | E | |
CVE-2022-28523 | HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action... | E | |
CVE-2022-28524 | ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.ph... | | |
CVE-2022-28525 | ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users... | | |
CVE-2022-28527 | dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?... | E | |
CVE-2022-28528 | bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/inde... | E | |
CVE-2022-28530 | Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdca... | E | |
CVE-2022-28531 | Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the ad... | E | |
CVE-2022-28533 | Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_d... | E | |
CVE-2022-28541 | Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows at... | | |
CVE-2022-28542 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local atta... | | |
CVE-2022-28543 | Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to rea... | | |
CVE-2022-28544 | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to ve... | | |
CVE-2022-28545 | FUDforum 3.1.1 is vulnerable to Stored XSS.... | S | |
CVE-2022-28550 | Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead.... | E S | |
CVE-2022-28552 | Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a ne... | E | |
CVE-2022-28556 | Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack ov... | E | |
CVE-2022-28557 | There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC1... | E | |
CVE-2022-28560 | There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd se... | E | |
CVE-2022-28561 | There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service... | E | |
CVE-2022-28568 | Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload ... | E | |
CVE-2022-28571 | D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in `/usr/bin... | E | |
CVE-2022-28572 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status`... | E | |
CVE-2022-28573 | D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the functio... | E | |
CVE-2022-28575 | It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in ... | E | |
CVE-2022-28577 | It is found that there is a command injection vulnerability in the delParentalRules interface in TOT... | E | |
CVE-2022-28578 | It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOli... | E | |
CVE-2022-28579 | It is found that there is a command injection vulnerability in the setParentalRules interface in TOT... | E | |
CVE-2022-28580 | It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOT... | E | |
CVE-2022-28581 | It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in T... | E | |
CVE-2022-28582 | It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOT... | E | |
CVE-2022-28583 | It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOli... | E | |
CVE-2022-28584 | It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTO... | E | |
CVE-2022-28585 | EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php... | E | |
CVE-2022-28586 | XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit ... | E | |
CVE-2022-28588 | In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no ... | E | |
CVE-2022-28589 | A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbi... | E | |
CVE-2022-28590 | A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action... | E | |
CVE-2022-28598 | Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly ne... | E | |
CVE-2022-28599 | A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authentica... | E | |
CVE-2022-28601 | A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doct... | E | |
CVE-2022-28605 | Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin pr... | | |
CVE-2022-28606 | An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. Bos... | | |
CVE-2022-28607 | An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018... | E | |
CVE-2022-28611 | Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2... | | |
CVE-2022-28612 | WordPress Custom Popup Builder plugin <= 1.3.1 - Improper Access Control vulnerability leading to multiple Authenticated Stored XSS | | |
CVE-2022-28613 | Specially Crafted Modbus TCP Packet Vulnerability in RTU500 series | S | |
CVE-2022-28614 | read beyond bounds via ap_rwrite() | | |
CVE-2022-28615 | Read beyond bounds in ap_strcmp_match() | | |
CVE-2022-28616 | A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): ... | S | |
CVE-2022-28617 | A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior ... | S | |
CVE-2022-28618 | A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Ar... | | |
CVE-2022-28619 | A potential security vulnerability has been identified in the installer of HPE Version Control Repos... | | |
CVE-2022-28620 | A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutio... | | |
CVE-2022-28621 | A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM ver... | | |
CVE-2022-28622 | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server sup... | | |
CVE-2022-28623 | Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL inje... | | |
CVE-2022-28624 | A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric swi... | | |
CVE-2022-28625 | A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): ... | M | |
CVE-2022-28626 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5)... | | |
CVE-2022-28627 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5)... | | |
CVE-2022-28628 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5)... | | |
CVE-2022-28629 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5)... | | |
CVE-2022-28630 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5)... | | |
CVE-2022-28631 | A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated ... | | |
CVE-2022-28632 | A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated ... | | |
CVE-2022-28633 | A local disclosure of sensitive information and a local unauthorized data modification vulnerability... | | |
CVE-2022-28634 | A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5)... | | |
CVE-2022-28635 | A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within ... | | |
CVE-2022-28636 | A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within ... | | |
CVE-2022-28637 | A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentia... | | |
CVE-2022-28638 | An isolated local disclosure of information and potential isolated local arbitrary code execution vu... | | |
CVE-2022-28639 | A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution ... | | |
CVE-2022-28640 | A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a l... | | |
CVE-2022-28641 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28642 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28643 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28644 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28645 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-28646 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28647 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2022-28648 | In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered... | | |
CVE-2022-28649 | In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party do... | | |
CVE-2022-28650 | In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the ... | | |
CVE-2022-28651 | In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields... | | |
CVE-2022-28652 | ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack... | | |
CVE-2022-28653 | Users can consume unlimited disk space in /var/crash... | | |
CVE-2022-28654 | is_closing_session() allows users to fill up apport.log... | | |
CVE-2022-28655 | is_closing_session() allows users to create arbitrary tcp dbus connections... | | |
CVE-2022-28656 | is_closing_session() allows users to consume RAM in the Apport process... | | |
CVE-2022-28657 | Apport does not disable python crash handler before entering chroot... | | |
CVE-2022-28658 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofin... | | |
CVE-2022-28660 | The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require a... | | |
CVE-2022-28661 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected appl... | S | |
CVE-2022-28662 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected appl... | S | |
CVE-2022-28663 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected appl... | S | |
CVE-2022-28664 | A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. ... | E | |
CVE-2022-28665 | A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. ... | E | |
CVE-2022-28666 | WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.7 - Broken Access Control vulnerability | S | |
CVE-2022-28667 | Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow ... | | |
CVE-2022-28668 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa... | | |
CVE-2022-28669 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28670 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-28671 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28672 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28673 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28674 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28675 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28676 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28677 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28678 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28679 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28680 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28681 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-28682 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28683 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-28684 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of De... | | |
CVE-2022-28685 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AV... | S | |
CVE-2022-28686 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AV... | S | |
CVE-2022-28687 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AV... | S | |
CVE-2022-28688 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AV... | S | |
CVE-2022-28689 | A leftover debug code vulnerability exists in the console support functionality of InHand Networks I... | | |
CVE-2022-28690 | Horner Automation Cscape Csfont | S | |
CVE-2022-28691 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions pri... | | |
CVE-2022-28692 | Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote... | | |
CVE-2022-28693 | Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may a... | | |
CVE-2022-28694 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-28695 | On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versio... | | |
CVE-2022-28696 | Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow a... | S | |
CVE-2022-28697 | Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow a... | M | |
CVE-2022-28698 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-28699 | Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potenti... | S | |
CVE-2022-28700 | WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability | S | |
CVE-2022-28701 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual s... | | |
CVE-2022-28702 | e-Design - Multiple vulnerabilities | S | |
CVE-2022-28703 | A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages fu... | E | |
CVE-2022-28704 | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a re... | | |
CVE-2022-28705 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
CVE-2022-28706 | On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS res... | | |
CVE-2022-28707 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versio... | | |
CVE-2022-28708 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP ... | | |
CVE-2022-28709 | Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1... | | |
CVE-2022-28710 | An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 an... | E | |
CVE-2022-28711 | A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb mast... | E | |
CVE-2022-28712 | A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11... | E | |
CVE-2022-28713 | Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote ... | | |
CVE-2022-28714 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versio... | | |
CVE-2022-28715 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allo... | | |
CVE-2022-28716 | On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14... | M | |
CVE-2022-28717 | Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware ve... | S | |
CVE-2022-28718 | Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remot... | | |
CVE-2022-28719 | Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauth... | | |
CVE-2022-28721 | Certain HP Print Products are potentially vulnerable to Remote Code Execution.... | | |
CVE-2022-28722 | Certain HP Print Products are potentially vulnerable to Buffer Overflow.... | | |
CVE-2022-28730 | Apache JSPWiki Cross-site scripting vulnerability on AJAXPreview.jsp | | |
CVE-2022-28731 | Apache JSPWiki CSRF in UserPreferences.jsp | M | |
CVE-2022-28732 | Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin | | |
CVE-2022-28733 | Integer underflow in grub_net_recv_ip4_packets | | |
CVE-2022-28734 | Out-of-bounds write when handling split HTTP headers | | |
CVE-2022-28735 | The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot syst... | | |
CVE-2022-28736 | There's a use-after-free vulnerability in grub_cmd_chainloader() function | | |
CVE-2022-28737 | There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables | | |
CVE-2022-28738 | A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a... | S | |
CVE-2022-28739 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x b... | | |
CVE-2022-28740 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information t... | | |
CVE-2022-28741 | aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (L... | | |
CVE-2022-28742 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. Th... | | |
CVE-2022-28743 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Foscam R2C IP camera running Syste... | | |
CVE-2022-28747 | Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code... | | |
CVE-2022-28748 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate... | R | |
CVE-2022-28749 | Insufficient Authorization Check During Meeting Join | | |
CVE-2022-28750 | Zoom On-Premise Deployments: Stack Buffer Overflow in Meeting Connector | | |
CVE-2022-28751 | Local Privilege Escalation in Zoom Client for Meetings for MacOS | | |
CVE-2022-28752 | Local Privilege Escalation in the Zoom Rooms for Windows Client | | |
CVE-2022-28753 | Zoom On-Premise Deployments: Improper Access Control Vulnerability | | |
CVE-2022-28754 | Zoom On-Premise Deployments: Improper Access Control Vulnerability | | |
CVE-2022-28755 | Improper URL parsing in Zoom Clients | | |
CVE-2022-28756 | Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS | | |
CVE-2022-28757 | Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS | | |
CVE-2022-28758 | Zoom On-Premise Deployments: Improper Access Control | | |
CVE-2022-28759 | Zoom On-Premise Deployments: Improper Access Control | | |
CVE-2022-28760 | Zoom On-Premise Deployments: Improper Access Control | | |
CVE-2022-28761 | Zoom On-Premise Deployments: Improper Access Control | | |
CVE-2022-28762 | Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS | | |
CVE-2022-28763 | Improper URL parsing in Zoom Clients | | |
CVE-2022-28764 | Local information exposure in Zoom Clients | | |
CVE-2022-28766 | DLL injection in Zoom Windows Clients | | |
CVE-2022-28768 | Local Privilege Escalation in Zoom Client Installer for macOS | | |
CVE-2022-28770 | Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows ... | | |
CVE-2022-28771 | Due to missing authentication check, SAP Business one License service API - version 10.0 allows an u... | | |
CVE-2022-28772 | By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Di... | | |
CVE-2022-28773 | Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the a... | | |
CVE-2022-28774 | Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be rest... | | |
CVE-2022-28775 | Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to w... | | |
CVE-2022-28776 | Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to i... | | |
CVE-2022-28777 | Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local att... | | |
CVE-2022-28778 | Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows... | | |
CVE-2022-28779 | Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer progr... | | |
CVE-2022-28780 | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attacke... | | |
CVE-2022-28781 | Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arb... | | |
CVE-2022-28782 | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows p... | | |
CVE-2022-28783 | Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows... | | |
CVE-2022-28784 | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to li... | | |
CVE-2022-28785 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out ... | | |
CVE-2022-28786 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out ... | | |
CVE-2022-28787 | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out ... | | |
CVE-2022-28788 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out ... | | |
CVE-2022-28789 | Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice wi... | | |
CVE-2022-28790 | Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock... | | |
CVE-2022-28791 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 al... | | |
CVE-2022-28792 | DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker ... | | |
CVE-2022-28793 | Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox... | | |
CVE-2022-28794 | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows l... | | |
CVE-2022-28795 | A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole w... | | |
CVE-2022-28796 | jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after... | S | |
CVE-2022-28799 | The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated... | | |
CVE-2022-28802 | Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution ... | M | |
CVE-2022-28803 | In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via... | | |
CVE-2022-28805 | singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_ex... | E S | |
CVE-2022-28806 | An issue was discovered on certain Fujitsu LIFEBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311,... | E | |
CVE-2022-28807 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vu... | | |
CVE-2022-28808 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vu... | | |
CVE-2022-28809 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vu... | | |
CVE-2022-28810 | Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator t... | KEV E S | |
CVE-2022-28811 | Possible command injection in Car Park Server in Carlo Gavazzi UWP3.0 | | |
CVE-2022-28812 | Use of Hard-coded Credentials in UWP3.0 allows SuperUser authentication bypass in Car Park Server. | | |
CVE-2022-28813 | SQL-injection in Car Park Server 3.0 allows for full database access. | | |
CVE-2022-28814 | Path traversal in Carlo Gavazzi UWP 3.0 could lead to full device access | | |
CVE-2022-28815 | SQL-Injection in Carlo Gavazzi UWP 3.0 Sentilo Proxy | | |
CVE-2022-28816 | Reflected XSS in Carlo Gavazzi UWP 3.0 | | |
CVE-2022-28817 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: No impact could be veri... | R | |
CVE-2022-28818 | ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution | | |
CVE-2022-28819 | Adobe Character Animator SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28820 | Adobe Consulting Services Reflected Cross-Site Scripting Arbitrary Code Execution | | |
CVE-2022-28821 | Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28822 | Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28823 | Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28824 | Adobe FrameMaker Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28825 | Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28826 | Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28827 | Adobe FrameMaker SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28828 | Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Code Execution Vulnerability | | |
CVE-2022-28829 | Adobe FrameMaker Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28830 | Adobe FrameMaker Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-28831 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28832 | Adobe InDesign Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-28833 | Adobe InDesign Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28834 | Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28835 | Adobe InCopy Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28836 | Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-28837 | Adobe Acrobat Pro DC Doc buttonSetIcon Use-After-Free Information Disclosure Vulnerability | | |
CVE-2022-28838 | Adobe Acrobat Pro DC Doc flattenPages Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-28839 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28840 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28841 | Adobe Bridge Font Out-of-bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28842 | Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-28843 | Adobe Bridge Font Out-of-bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28844 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28845 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28846 | Adobe Bridge SVG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28847 | Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28848 | Adobe Bridge PCX Out-of-bounds Write Remote Code Execution Vulnerability | S | |
CVE-2022-28849 | Adobe Bridge Font Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-28850 | Adobe Bridge Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2022-28851 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-28852 | Adobe InDesign 2022 Out-of-Bound Write Arbitrary code execution | | |
CVE-2022-28853 | Adobe InDesign 2022 Out-of-Bound Write Arbitrary code execution | | |
CVE-2022-28854 | Adobe InDesign 2022 Out-of-Bound Read Memory leak | | |
CVE-2022-28855 | Adobe InDesign 2022 Out-of-Bound Read Memory leak | | |
CVE-2022-28856 | Adobe InDesign 2022 Out-of-Bound Read Memory leak | | |
CVE-2022-28857 | Adobe InDesign 2022 Out-of-Bound Read Memory leak | | |
CVE-2022-28858 | Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 ... | S | |
CVE-2022-28859 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installin... | | |
CVE-2022-28860 | An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle ... | | |
CVE-2022-28861 | The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and... | | |
CVE-2022-28862 | In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plainc... | | |
CVE-2022-28863 | An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit t... | E | |
CVE-2022-28864 | An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website sectio... | E | |
CVE-2022-28865 | An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A ma... | E | |
CVE-2022-28866 | Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.0... | E | |
CVE-2022-28867 | An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website sectio... | E | |
CVE-2022-28868 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android | S | |
CVE-2022-28869 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android | S | |
CVE-2022-28870 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android | S | |
CVE-2022-28871 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28872 | Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android | S | |
CVE-2022-28873 | Multiple Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android | S | |
CVE-2022-28874 | Multiple Denial-of-Service (DoS) Vulnerabilities | S | |
CVE-2022-28875 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28876 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28877 | Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products | S | |
CVE-2022-28878 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28879 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28880 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28881 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28882 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28883 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28884 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28885 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28886 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-28887 | Multiple Denial of Service Vulnerability | S | |
CVE-2022-28888 | Spryker Commerce OS 1.4.2 allows Remote Command Execution.... | E | |
CVE-2022-28889 | Clickjacking in the web console | M | |
CVE-2022-28890 | Processing external DTDs | M | |
CVE-2022-28892 | Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CS... | S | |
CVE-2022-28893 | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that s... | S | |
CVE-2022-28895 | A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DI... | E | |
CVE-2022-28896 | A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 D... | E | |
CVE-2022-28901 | A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882... | E | |
CVE-2022-28905 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28906 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28907 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28908 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28909 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28910 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28911 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28912 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28913 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-28915 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the adm... | E | |
CVE-2022-28917 | Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /go... | E | |
CVE-2022-28918 | GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php... | E | |
CVE-2022-28919 | HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnera... | E | |
CVE-2022-28920 | Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the f... | E | |
CVE-2022-28921 | A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unaut... | E | |
CVE-2022-28923 | Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to r... | E S | |
CVE-2022-28924 | An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obta... | E | |
CVE-2022-28927 | A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbit... | E S | |
CVE-2022-28929 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the deli... | E | |
CVE-2022-28930 | ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEv... | E | |
CVE-2022-28932 | D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions.... | | |
CVE-2022-28935 | Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2... | E | |
CVE-2022-28936 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger a... | | |
CVE-2022-28937 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an inval... | E | |
CVE-2022-28940 | In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. I... | E | |
CVE-2022-28944 | Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. T... | E | |
CVE-2022-28945 | An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZI... | E | |
CVE-2022-28946 | An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incor... | S | |
CVE-2022-28948 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to dese... | E S | |
CVE-2022-28955 | An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folder... | E | |
CVE-2022-28956 | An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the devic... | E | |
CVE-2022-28958 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2022-28959 | Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework... | E S | |
CVE-2022-28960 | A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code v... | E S | |
CVE-2022-28961 | Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilitie... | E S | |
CVE-2022-28962 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?... | E | |
CVE-2022-28964 | An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809... | | |
CVE-2022-28965 | Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Prem... | S | |
CVE-2022-28966 | Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Com... | E | |
CVE-2022-28969 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the... | E | |
CVE-2022-28970 | Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the functio... | E | |
CVE-2022-28971 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the funct... | E | |
CVE-2022-28972 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the f... | E | |
CVE-2022-28973 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the fun... | E | |
CVE-2022-28975 | A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to... | E | |
CVE-2022-28977 | HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 throu... | S | |
CVE-2022-28978 | Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration ... | | |
CVE-2022-28979 | Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15,... | S | |
CVE-2022-28980 | Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 ... | | |
CVE-2022-28981 | Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.... | | |
CVE-2022-28982 | A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v... | | |
CVE-2022-28985 | A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 a... | E | |
CVE-2022-28986 | LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure dir... | E | |
CVE-2022-28987 | Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration vi... | E | |
CVE-2022-28990 | WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.... | E S | |
CVE-2022-28991 | Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vul... | E | |
CVE-2022-28992 | A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change... | E | |
CVE-2022-28993 | Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a c... | E | |
CVE-2022-28994 | Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET requ... | E | |
CVE-2022-28995 | Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml co... | E | |
CVE-2022-28997 | CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leverage... | E | |
CVE-2022-28998 | Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers t... | E | |
CVE-2022-28999 | Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to... | E | |