ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-29001 | In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary... | E | |
CVE-2022-29002 | A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create adminis... | E | |
CVE-2022-29004 | Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability vi... | E | |
CVE-2022-29005 | Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Onlin... | | |
CVE-2022-29006 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel o... | E | |
CVE-2022-29007 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel o... | E | |
CVE-2022-29008 | An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Managem... | E | |
CVE-2022-29009 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel o... | E | |
CVE-2022-29013 | A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows... | E | |
CVE-2022-29014 | A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attacke... | E | |
CVE-2022-29017 | Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/s... | E S | |
CVE-2022-29020 | ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user ava... | E | |
CVE-2022-29021 | A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allo... | E | |
CVE-2022-29022 | A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.... | E | |
CVE-2022-29023 | A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 al... | E S | |
CVE-2022-29028 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V1... | S | |
CVE-2022-29029 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V1... | S | |
CVE-2022-29030 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V1... | S | |
CVE-2022-29031 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V1... | S | |
CVE-2022-29032 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V1... | S | |
CVE-2022-29033 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V1... | S | |
CVE-2022-29034 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error ... | E S | |
CVE-2022-29035 | In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using ... | S | |
CVE-2022-29036 | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.... | | |
CVE-2022-29037 | Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name pa... | | |
CVE-2022-29038 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and... | | |
CVE-2022-29039 | Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 ... | | |
CVE-2022-29040 | Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git para... | | |
CVE-2022-29041 | Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira ... | | |
CVE-2022-29042 | Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator ... | | |
CVE-2022-29043 | Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored... | | |
CVE-2022-29044 | Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description ... | | |
CVE-2022-29045 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the na... | | |
CVE-2022-29046 | Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subver... | | |
CVE-2022-29047 | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, al... | | |
CVE-2022-29048 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier al... | | |
CVE-2022-29049 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the ... | | |
CVE-2022-29050 | A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlie... | | |
CVE-2022-29051 | Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with O... | | |
CVE-2022-29052 | Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agen... | | |
CVE-2022-29053 | A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files... | | |
CVE-2022-29054 | A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS... | S | |
CVE-2022-29055 | An access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 thro... | | |
CVE-2022-29056 | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet Fort... | S | |
CVE-2022-29057 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | | |
CVE-2022-29058 | An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78]... | | |
CVE-2022-29059 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerabilit... | S | |
CVE-2022-29060 | A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, ... | S | |
CVE-2022-29061 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulner... | | |
CVE-2022-29062 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows ... | | |
CVE-2022-29063 | Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz | S | |
CVE-2022-29071 | This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ... | S | |
CVE-2022-29072 | 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with th... | E | |
CVE-2022-29077 | A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to c... | S | |
CVE-2022-29078 | The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template in... | E S | |
CVE-2022-29080 | The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacke... | E | |
CVE-2022-29081 | Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 bef... | E | |
CVE-2022-29082 | Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x,... | | |
CVE-2022-29083 | Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attack... | | |
CVE-2022-29084 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive... | | |
CVE-2022-29085 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text pa... | | |
CVE-2022-29086 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-29087 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-29088 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-29089 | Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an... | | |
CVE-2022-29090 | Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low p... | | |
CVE-2022-29091 | Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cros... | | |
CVE-2022-29092 | Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Clien... | | |
CVE-2022-29093 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Clien... | M | |
CVE-2022-29094 | Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Clien... | M | |
CVE-2022-29095 | Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commerc... | M | |
CVE-2022-29096 | Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability i... | | |
CVE-2022-29097 | Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker co... | | |
CVE-2022-29098 | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerab... | S | |
CVE-2022-29099 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-29100 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-29101 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability | S | |
CVE-2022-29103 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | S | |
CVE-2022-29104 | Windows Print Spooler Elevation of Privilege Vulnerability | S | |
CVE-2022-29105 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | S | |
CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | S | |
CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability | S | |
CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2022-29109 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2022-29110 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2022-29111 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2022-29112 | Windows Graphics Component Information Disclosure Vulnerability | S | |
CVE-2022-29113 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | S | |
CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability | S | |
CVE-2022-29115 | Windows Fax Service Remote Code Execution Vulnerability | S | |
CVE-2022-29116 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability | S | |
CVE-2022-29119 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2022-29120 | Windows Clustered Shared Volume Information Disclosure Vulnerability | S | |
CVE-2022-29121 | Windows WLAN AutoConfig Service Denial of Service Vulnerability | S | |
CVE-2022-29122 | Windows Clustered Shared Volume Information Disclosure Vulnerability | S | |
CVE-2022-29123 | Windows Clustered Shared Volume Information Disclosure Vulnerability | S | |
CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | S | |
CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | S | |
CVE-2022-29127 | BitLocker Security Feature Bypass Vulnerability | S | |
CVE-2022-29128 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-29129 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-29130 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-29131 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-29132 | Windows Print Spooler Elevation of Privilege Vulnerability | S | |
CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-29134 | Windows Clustered Shared Volume Information Disclosure Vulnerability | S | |
CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | S | |
CVE-2022-29137 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability | S | |
CVE-2022-29139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability | S | |
CVE-2022-29141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | S | |
CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-29143 | Microsoft SQL Server Remote Code Execution Vulnerability | S | |
CVE-2022-29144 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability | S | |
CVE-2022-29146 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2022-29147 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2022-29148 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2022-29149 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | S | |
CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | S | |
CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability | S | |
CVE-2022-29152 | The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPorta... | | |
CVE-2022-29153 | HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side reques... | | |
CVE-2022-29154 | An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrar... | E S | |
CVE-2022-29155 | In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the ex... | E | |
CVE-2022-29156 | drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related ... | S | |
CVE-2022-29158 | Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz | S | |
CVE-2022-29159 | Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck | E S | |
CVE-2022-29160 | Sensitive files/data exist after deletion of user account in Nextcloud Android | E S | |
CVE-2022-29161 | Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform | S | |
CVE-2022-29162 | Incorrect Default Permissions in runc | S | |
CVE-2022-29163 | Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server | S | |
CVE-2022-29164 | Privilege Escalation in argo-workflows | S | |
CVE-2022-29165 | Argo CD will blindly trust JWT claims if anonymous access is enabled | M | |
CVE-2022-29166 | Improper handling of multiline messages in matrix-appservice-irc | | |
CVE-2022-29167 | ReDoS vulnerability in header parsing in hawk | S | |
CVE-2022-29168 | Cross Site Scripting in Wire Messages | | |
CVE-2022-29169 | ReDoS on endpoint html5client/useragent in BigBlueButton | S | |
CVE-2022-29170 | Grafana Enterprise datasource network restrictions bypass via HTTP redirects | S | |
CVE-2022-29171 | Remote Code Execution in sourcegraph | | |
CVE-2022-29172 | HTML injection with additional signup fields | S | |
CVE-2022-29173 | No protection against rollback attacks in go-tuf | S | |
CVE-2022-29174 | Predictable password reset token may lead to account takeover in countly-server | S | |
CVE-2022-29175 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate was with... | R | |
CVE-2022-29176 | Unauthorized gem takeover for some gems on rubygems.org | M | |
CVE-2022-29177 | DoS via malicious p2p message in Go-Ethereum | S | |
CVE-2022-29178 | Incorrect Default Permissions in Cilium | M | |
CVE-2022-29179 | Improper Privilege Management in Cilium | | |
CVE-2022-29180 | Charm vulnerable to server-side request forgery (SSRF) | S | |
CVE-2022-29181 | Improper Handling of Unexpected Data Type in Nokogiri | E S | |
CVE-2022-29182 | DOM-based XSS in GoCD | S | |
CVE-2022-29183 | Reflected XSS in GoCD | S | |
CVE-2022-29184 | Command Injection/Argument Injection in GoCD | S | |
CVE-2022-29185 | Observable Timing Discrepancy in totp-rs | | |
CVE-2022-29186 | Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise | S | |
CVE-2022-29187 | Bypass of safe.directory protections in Git | | |
CVE-2022-29188 | Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen | S | |
CVE-2022-29189 | Buffer for inbound DTLS fragments has no limit | S | |
CVE-2022-29190 | Header reconstruction method can be thrown into an infinite loop in Pion DTLS | S | |
CVE-2022-29191 | Missing validation causes denial of service via `GetSessionTensor` in TensorFlow | E S | |
CVE-2022-29192 | Missing validation crashes `QuantizeAndDequantizeV4Grad` in TensorFlow | E S | |
CVE-2022-29193 | Missing validation causes `TensorSummaryV2` in TensorFlow to crash | E S | |
CVE-2022-29194 | Missing validation causes denial of service via `DeleteSessionTensor` in TensorFlow | E S | |
CVE-2022-29195 | Missing validation causes denial of service in TensorFlow via `StagePeek` | E S | |
CVE-2022-29196 | Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` | E S | |
CVE-2022-29197 | Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin` | E S | |
CVE-2022-29198 | Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix` | E S | |
CVE-2022-29199 | Missing validation causes denial of service in TensorFlow via `LoadAndRemapMatrix` | E S | |
CVE-2022-29200 | Missing validation causes denial of service in TensorFlow via `LSTMBlockCell` | E S | |
CVE-2022-29201 | Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow | E S | |
CVE-2022-29202 | Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant` | E S | |
CVE-2022-29203 | Integer overflow in `SpaceToBatchND` in TensorFlow | E S | |
CVE-2022-29204 | Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` | E S | |
CVE-2022-29205 | Segfault due to missing support for quantized types in TensorFlow | E S | |
CVE-2022-29206 | Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow | E S | |
CVE-2022-29207 | Undefined behavior when users supply invalid resource handles in TensorFlow | E S | |
CVE-2022-29208 | Segfault and Out-of-bounds Write due to incomplete validation in TensorFlow | E S | |
CVE-2022-29209 | Type confusion leading to `CHECK`-failure based denial of service in TensorFlow | E S | |
CVE-2022-29210 | Heap buffer overflow due to incorrect hash function in TensorFlow | S | |
CVE-2022-29211 | Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values | E S | |
CVE-2022-29212 | Core dump when loading TFLite models with quantization in TensorFlow | E S | |
CVE-2022-29213 | Incomplete validation in signal ops leads to crashes in TensorFlow | E S | |
CVE-2022-29214 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth | | |
CVE-2022-29215 | Argument Injection in RegionProtect | S | |
CVE-2022-29216 | Code injection in `saved_model_cli` in TensorFlow | E S | |
CVE-2022-29217 | Key confusion through non-blocklisted public key formats in PyJWT | S | |
CVE-2022-29218 | Unauthorized takeover for new versions of some platform-specific gems | E | |
CVE-2022-29219 | Integer Overflow in Lodestar | S | |
CVE-2022-29220 | No verification of commits origin in github-action-merge-dependabot | S | |
CVE-2022-29221 | PHP Code Injection by malicious block or filename in Smarty | S | |
CVE-2022-29222 | Improper Certificate Validation in Pion DTLS | S | |
CVE-2022-29223 | Buffer overflow on HUB descriptor in Azure RTOS USBX | | |
CVE-2022-29224 | Segmentation fault leading to crash in Envoy | S | |
CVE-2022-29225 | Zip bomb vulnerability in Envoy | E S | |
CVE-2022-29226 | Trivial authentication bypass in Envoy | S | |
CVE-2022-29227 | Use after free in Envoy | S | |
CVE-2022-29228 | Reachable assertion in Envoy | S | |
CVE-2022-29229 | Missing Cryptographic Step in cassproject | | |
CVE-2022-29230 | Potential cross-site scripting (XSS) vulnerability in Hydrogen | S | |
CVE-2022-29232 | Exposure of messages in BigBlueButton public chats | S | |
CVE-2022-29233 | Improper access control for breakout rooms in BigBlueButton | S | |
CVE-2022-29234 | Grace period for lock settings in public/private chats in BigBlueButton | S | |
CVE-2022-29235 | Limited data exposure for shared external videos in BigBlueButton | S | |
CVE-2022-29236 | Improper access control for pencil annotations in BigBlueButton | S | |
CVE-2022-29237 | Limited Authentication Bypass for Media Files in Opencast | S | |
CVE-2022-29238 | Forced Browsing in Jupyter Notebook | | |
CVE-2022-29240 | Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla | S | |
CVE-2022-29241 | Known or guessable hidden files may be accessed in Jupyter Server | | |
CVE-2022-29242 | Buffer Overflow on creating key transport blob in GOST Engine | S | |
CVE-2022-29243 | Improper input-size validation on the user new session name in Nextcloud Server | S | |
CVE-2022-29244 | npm packing does not respect root-level ignore files in workspaces | S | |
CVE-2022-29245 | Weak private key generation in SSH.NET | E S | |
CVE-2022-29246 | Potential buffer overflow in function DFU upload in Azure RTOS USBX | | |
CVE-2022-29247 | Exposure of Resource to Wrong Sphere in Electron | | |
CVE-2022-29248 | Cross-domain cookie leakage in Guzzle | S | |
CVE-2022-29249 | Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ | | |
CVE-2022-29250 | SQL injection in GLPI | | |
CVE-2022-29251 | Cross-site Scripting in the Flamingo theme manager | S | |
CVE-2022-29252 | Cross-site Scripting in XWiki Platform Wiki UI Main Wiki | S | |
CVE-2022-29253 | Path Traversal in XWiki Platform | S | |
CVE-2022-29254 | Failed payment recorded as completed in silverstripe/silverstripe-omnipay | S | |
CVE-2022-29255 | Multiple evaluation of contract address in call in vyper | E S | |
CVE-2022-29256 | Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment | S | |
CVE-2022-29257 | Electron's AutoUpdater module fails to validate certain nested components of the bundle | | |
CVE-2022-29258 | Cross-site Scripting in Filter Stream Converter Application in XWiki Platform | S | |
CVE-2022-29262 | Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user... | S | |
CVE-2022-29263 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versio... | | |
CVE-2022-29264 | An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may o... | S | |
CVE-2022-29265 | Improper Restriction of XML External Entity References in Multiple Components | M | |
CVE-2022-29266 | apisix/jwt-auth may leak secrets in error response | M | |
CVE-2022-29268 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-29269 | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to in... | | |
CVE-2022-29270 | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-... | | |
CVE-2022-29271 | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able t... | | |
CVE-2022-29272 | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could l... | | |
CVE-2022-29273 | pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias U... | S | |
CVE-2022-29275 | In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers coul... | | |
CVE-2022-29276 | SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in Ah... | | |
CVE-2022-29277 | Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modificatio... | | |
CVE-2022-29278 | Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memor... | | |
CVE-2022-29279 | Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice... | | |
CVE-2022-29280 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-28366. Reason: This candidat... | R | |
CVE-2022-29281 | Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clickin... | | |
CVE-2022-29286 | Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and ... | | |
CVE-2022-29287 | Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attac... | E | |
CVE-2022-29296 | A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud Pro... | | |
CVE-2022-29298 | SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.... | E | |
CVE-2022-29299 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidat... | R | |
CVE-2022-29301 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidat... | R | |
CVE-2022-29302 | SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php... | E | |
CVE-2022-29303 | SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail... | KEV E | |
CVE-2022-29304 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=de... | | |
CVE-2022-29305 | imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.... | E | |
CVE-2022-29306 | IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter... | E | |
CVE-2022-29307 | IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy... | E | |
CVE-2022-29309 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.... | E | |
CVE-2022-29315 | Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, i... | E | |
CVE-2022-29316 | Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /... | | |
CVE-2022-29317 | Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerabilitie... | | |
CVE-2022-29318 | An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 ... | E | |
CVE-2022-29320 | MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate... | E | |
CVE-2022-29321 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /... | E | |
CVE-2022-29322 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr... | E | |
CVE-2022-29323 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /go... | E | |
CVE-2022-29324 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /... | E | |
CVE-2022-29325 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter paramet... | E | |
CVE-2022-29326 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parame... | E | |
CVE-2022-29327 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in ... | E | |
CVE-2022-29328 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function che... | E | |
CVE-2022-29329 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename pa... | E | |
CVE-2022-29330 | Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to ac... | E | |
CVE-2022-29332 | D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../.... | E | |
CVE-2022-29333 | A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafte... | E | |
CVE-2022-29334 | An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.... | E | |
CVE-2022-29337 | C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via t... | E | |
CVE-2022-29339 | In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed asse... | E S | |
CVE-2022-29340 | GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_mo... | E S | |
CVE-2022-29347 | An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary comman... | E | |
CVE-2022-29349 | kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url p... | E | |
CVE-2022-29351 | An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attack... | E | |
CVE-2022-29353 | An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows at... | E | |
CVE-2022-29354 | An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers... | E | |
CVE-2022-29358 | epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special... | E | |
CVE-2022-29359 | A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of Scho... | E | |
CVE-2022-29360 | The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.... | E | |
CVE-2022-29361 | Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform H... | S | |
CVE-2022-29362 | A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allo... | E S | |
CVE-2022-29363 | Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in ... | E | |
CVE-2022-29368 | Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-... | E S | |
CVE-2022-29369 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at nj... | S | |
CVE-2022-29376 | Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install di... | E | |
CVE-2022-29377 | Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread fu... | E | |
CVE-2022-29379 | Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loade... | E S | |
CVE-2022-29380 | Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ... | E | |
CVE-2022-29383 | NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection v... | E | |
CVE-2022-29391 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa... | E | |
CVE-2022-29392 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa... | E | |
CVE-2022-29393 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa... | E | |
CVE-2022-29394 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress... | E | |
CVE-2022-29395 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey p... | E | |
CVE-2022-29396 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa... | E | |
CVE-2022-29397 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa... | E | |
CVE-2022-29398 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File param... | E | |
CVE-2022-29399 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parame... | E | |
CVE-2022-29402 | TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This... | E | |
CVE-2022-29404 | Denial of service in mod_lua r:parsebody | | |
CVE-2022-29405 | Apache Archiva Arbitrary user password reset vulnerability | | |
CVE-2022-29406 | WordPress Team Manager plugin <= 1.6.9 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | E | |
CVE-2022-29408 | WordPress Advanced Contact form 7 DB plugin <= 1.8.7 - Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-29409 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2022-29410 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Authenticated SQL Injection (SQLi) vulnerability | S | |
CVE-2022-29411 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Unauthenticated SQL Injection (SQLi) vulnerability | S | |
CVE-2022-29412 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-29413 | WordPress Hermit 音乐播放器 plugin <= 3.1.6 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29414 | WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-29415 | WordPress Ravpage plugin <= 2.16 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29416 | WordPress Afterpay Gateway for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-29417 | WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability | S | |
CVE-2022-29418 | WordPress Night Mode plugin <= 1.0.0 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29419 | WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability | S | |
CVE-2022-29420 | WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-29421 | WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-29422 | WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities | | |
CVE-2022-29423 | WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability | | |
CVE-2022-29424 | WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29425 | WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29426 | WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-29427 | WordPress Disable Right Click For WP plugin <= 1.1.6 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-29428 | WordPress WP Slider Plugin <= 1.4.5 - Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29429 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) leading to Remote Code Execution (RCE) vulnerability | S | |
CVE-2022-29430 | WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29431 | Remove CPT base <= 5.8 - CSRF leads to CPT base deletion | S | |
CVE-2022-29432 | WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-29433 | https://patchstack.com/database/vulnerability/nd-donations/wordpress-donations-plugin-1-8-authenticated-stored-cross-site-scripting-xss-vulnerability | S | |
CVE-2022-29434 | WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability | S | |
CVE-2022-29435 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-29436 | WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS) | S | |
CVE-2022-29437 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | | |
CVE-2022-29438 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-29439 | WordPress Image Slider by NextCode plugin <= 1.1.2 - Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-29440 | WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | | |
CVE-2022-29441 | WordPress Private Messages For WordPress plugin <= 2.1.10 - Sending Messages via Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-29442 | Private Messages For WordPress <= 2.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-29443 | WordPress Hotel Booking plugin <= 3.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | | |
CVE-2022-29444 | WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29445 | WordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerability | S | |
CVE-2022-29446 | WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability | S | |
CVE-2022-29447 | WordPress Hover Effects plugin <= 2.1 - Authenticated Local File Inclusion (LFI) vulnerability | S | |
CVE-2022-29448 | WordPress Herd Effects plugin <= 5.2 - Local File Inclusion (LFI) vulnerability | S | |
CVE-2022-29449 | WordPress Opal Hotel Room Booking plugin <= 1.2.7 - Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-29450 | WordPress Admin Management Xtended plugin <= 2.4.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-29451 | WordPress Rara One Click Demo Import plugin <= 1.2.9 - Cross-Site Request Forgery (CSRF) leads to Arbitrary File Upload vulnerability | S | |
CVE-2022-29452 | WordPress Export All URLs plugin <= 4.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29453 | WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update | S | |
CVE-2022-29454 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-29455 | WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability | E S | |
CVE-2022-29457 | Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and... | E S | |
CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_st... | E | |
CVE-2022-29464 | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attac... | KEV E | |
CVE-2022-29465 | An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functiona... | E | |
CVE-2022-29466 | Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allo... | | |
CVE-2022-29467 | Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authent... | | |
CVE-2022-29468 | A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3... | E | |
CVE-2022-29469 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29470 | Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authe... | | |
CVE-2022-29471 | Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated a... | | |
CVE-2022-29472 | An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality ... | E | |
CVE-2022-29473 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versio... | | |
CVE-2022-29474 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
CVE-2022-29475 | An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. i... | E | |
CVE-2022-29476 | WordPress Notification Bar for WordPress plugin <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29477 | An authentication bypass vulnerability exists in the web interface /action/factory* functionality of... | E | |
CVE-2022-29478 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29479 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions p... | | |
CVE-2022-29480 | On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple r... | | |
CVE-2022-29481 | A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InR... | E | |
CVE-2022-29482 | 'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certif... | | |
CVE-2022-29483 | e-Design - Multiple vulnerabilities | S | |
CVE-2022-29484 | Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote ... | | |
CVE-2022-29485 | Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attac... | S | |
CVE-2022-29486 | Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded... | S | |
CVE-2022-29487 | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inj... | | |
CVE-2022-29488 | Horner Automation Cscape Csfont | S | |
CVE-2022-29489 | WordPress Sucuri Security plugin <= 1.8.33 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-29490 | A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. | S | |
CVE-2022-29491 | On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior... | | |
CVE-2022-29492 | A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ... | S | |
CVE-2022-29493 | Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.... | | |
CVE-2022-29494 | Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.9... | | |
CVE-2022-29495 | WordPress Popup Builder plugin <= 4.1.11 - Cross-Site Request Forgery (CSRF) leading to plugin settings update | S | |
CVE-2022-29496 | A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of... | E | |
CVE-2022-29498 | Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an attacker could get a user to ... | M | |
CVE-2022-29499 | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code executi... | KEV | |
CVE-2022-29500 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclos... | S | |
CVE-2022-29501 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privi... | S | |
CVE-2022-29502 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privi... | S | |
CVE-2022-29503 | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.... | E | |
CVE-2022-29504 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2022-29505 | Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DL... | | |
CVE-2022-29506 | Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SF... | | |
CVE-2022-29507 | Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions ma... | | |
CVE-2022-29508 | Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authen... | | |
CVE-2022-29509 | Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Da... | | |
CVE-2022-29510 | Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.... | | |
CVE-2022-29511 | A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles funct... | E | |
CVE-2022-29512 | Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu ... | | |
CVE-2022-29513 | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote aut... | | |
CVE-2022-29514 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenti... | S | |
CVE-2022-29515 | Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_... | | |
CVE-2022-29516 | The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, ... | | |
CVE-2022-29517 | A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of... | E | |
CVE-2022-29518 | Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen C... | | |
CVE-2022-29519 | Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and F... | M | |
CVE-2022-29520 | An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Sy... | E | |
CVE-2022-29522 | Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' ... | | |
CVE-2022-29523 | Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may ... | | |
CVE-2022-29524 | Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13... | | |
CVE-2022-29525 | Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remot... | | |
CVE-2022-29526 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a no... | E S | |
CVE-2022-29527 | Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows lo... | E S | |
CVE-2022-29528 | An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.... | E S | |
CVE-2022-29529 | An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.... | E S | |
CVE-2022-29530 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.... | E S | |
CVE-2022-29531 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag nam... | E S | |
CVE-2022-29532 | An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administra... | E S | |
CVE-2022-29533 | An issue was discovered in MISP before 2.4.158. There is XSS in app/Controller/OrganisationsControll... | S | |
CVE-2022-29534 | An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be... | E S | |
CVE-2022-29535 | Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports.... | S | |
CVE-2022-29536 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer ove... | S | |
CVE-2022-29537 | gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as d... | E | |
CVE-2022-29538 | RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenti... | | |
CVE-2022-29539 | resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly chec... | | |
CVE-2022-29540 | resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote att... | | |
CVE-2022-29546 | HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input... | | |
CVE-2022-29547 | The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the use... | | |
CVE-2022-29548 | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Ma... | E | |
CVE-2022-29549 | An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnam... | | |
CVE-2022-29550 | An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log... | | |
CVE-2022-29555 | The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows... | | |
CVE-2022-29556 | The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF becau... | | |
CVE-2022-29557 | LexisNexis Firco Compliance Link 3.7 allows CSRF.... | | |
CVE-2022-29558 | Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.... | | |
CVE-2022-29560 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX M... | S | |
CVE-2022-29561 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2022-29562 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2022-29564 | Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user ca... | | |
CVE-2022-29566 | The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fail... | E | |
CVE-2022-29567 | Possible information disclosure inside TreeGrid component with default data provider | S | |
CVE-2022-29577 | OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. T... | S | |
CVE-2022-29578 | Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sen... | | |
CVE-2022-29580 | Path Traversal in Android Google Search App | E | |
CVE-2022-29581 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker ... | E S | |
CVE-2022-29582 | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_... | E S | |
CVE-2022-29583 | service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed fo... | S | |
CVE-2022-29584 | Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading S... | | |
CVE-2022-29585 | In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulne... | | |
CVE-2022-29586 | Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach ... | | |
CVE-2022-29587 | Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes ... | E | |
CVE-2022-29588 | Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/... | | |
CVE-2022-29589 | Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and... | S | |
CVE-2022-29591 | Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.... | | |
CVE-2022-29592 | Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_ro... | E | |
CVE-2022-29593 | relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to rep... | E | |
CVE-2022-29594 | eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.... | E | |
CVE-2022-29596 | MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and... | E | |
CVE-2022-29597 | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI... | E | |
CVE-2022-29598 | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site S... | E | |
CVE-2022-29599 | Commandline class shell injection vulnerabilities | S | |
CVE-2022-29600 | The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.... | S | |
CVE-2022-29601 | The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.... | S | |
CVE-2022-29602 | The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, ... | S | |
CVE-2022-29603 | A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parame... | E S | |
CVE-2022-29604 | An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the C... | E | |
CVE-2022-29605 | An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an i... | E | |
CVE-2022-29606 | An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, w... | E | |
CVE-2022-29607 | An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source an... | E | |
CVE-2022-29608 | An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its pa... | E | |
CVE-2022-29609 | An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INST... | E | |
CVE-2022-29610 | SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and... | | |
CVE-2022-29611 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization c... | | |
CVE-2022-29612 | SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85... | | |
CVE-2022-29613 | Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker wit... | | |
CVE-2022-29614 | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform ... | E | |
CVE-2022-29615 | SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the loggin... | | |
CVE-2022-29616 | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memo... | | |
CVE-2022-29617 | Due to improper error handling an authenticated user can crash CLA assistant instance. This could im... | | |
CVE-2022-29618 | Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Reposito... | | |
CVE-2022-29619 | Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 a... | | |
CVE-2022-29620 | FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via... | E | |
CVE-2022-29622 | An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary co... | E | |
CVE-2022-29623 | An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0... | E | |
CVE-2022-29624 | An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to ex... | E | |
CVE-2022-29627 | An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modi... | E | |
CVE-2022-29628 | A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows a... | E | |
CVE-2022-29631 | Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the component... | E | |
CVE-2022-29632 | An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v... | E | |
CVE-2022-29633 | An access control issue in Linglong v1.0 allows attackers to access the background of the applicatio... | | |
CVE-2022-29637 | An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary c... | E | |
CVE-2022-29638 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a sta... | E | |
CVE-2022-29639 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a com... | E | |
CVE-2022-29640 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a sta... | E | |
CVE-2022-29641 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a sta... | E | |
CVE-2022-29642 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a sta... | E | |
CVE-2022-29643 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a sta... | E | |
CVE-2022-29644 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a har... | E | |
CVE-2022-29645 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a har... | E | |
CVE-2022-29646 | An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allow... | E | |
CVE-2022-29647 | An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator a... | E | |
CVE-2022-29648 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrar... | E | |
CVE-2022-29649 | Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.... | | |
CVE-2022-29650 | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Sea... | | |
CVE-2022-29651 | An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v... | | |
CVE-2022-29652 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?... | E | |
CVE-2022-29653 | OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ... | | |
CVE-2022-29654 | Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attacke... | E | |
CVE-2022-29655 | An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0... | E | |
CVE-2022-29656 | Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | | |
CVE-2022-29659 | Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id param... | E | |
CVE-2022-29660 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29661 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29662 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29663 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29664 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29665 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29666 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29667 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.ph... | E | |
CVE-2022-29669 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29670 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29676 | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-29680 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29681 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29682 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29683 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29684 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29685 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29686 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29687 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29688 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29689 | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-29692 | Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function... | E | |
CVE-2022-29693 | Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_clos... | E S | |
CVE-2022-29694 | Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ra... | E S | |
CVE-2022-29695 | Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initializatio... | E S | |
CVE-2022-29700 | A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long pas... | S | |
CVE-2022-29701 | A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send a... | S | |
CVE-2022-29704 | BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability.... | E | |
CVE-2022-29709 | CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vuln... | E | |
CVE-2022-29710 | A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allow... | S | |
CVE-2022-29711 | LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the compon... | S | |
CVE-2022-29712 | LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the servic... | S | |
CVE-2022-29718 | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attack... | S | |
CVE-2022-29720 | 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \ind... | E | |
CVE-2022-29721 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at ... | E | |
CVE-2022-29725 | An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute... | E | |
CVE-2022-29727 | Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability... | E | |
CVE-2022-29728 | Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerabil... | | |
CVE-2022-29729 | Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password genera... | E | |
CVE-2022-29730 | USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentia... | E | |
CVE-2022-29731 | An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of o... | | |
CVE-2022-29732 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-sit... | E | |
CVE-2022-29733 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store ... | E | |
CVE-2022-29734 | A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers... | | |
CVE-2022-29735 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary... | E | |
CVE-2022-29738 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transactio... | E | |
CVE-2022-29739 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manag... | E | |
CVE-2022-29741 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=d... | E | |
CVE-2022-29745 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=d... | E | |
CVE-2022-29746 | Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=de... | E | |
CVE-2022-29747 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/mana... | E | |
CVE-2022-29748 | Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage... | E | |
CVE-2022-29749 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=del... | E | |
CVE-2022-29750 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=del... | E | |
CVE-2022-29751 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=del... | E | |
CVE-2022-29767 | adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic ... | E | |
CVE-2022-29770 | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-... | E | |
CVE-2022-29773 | An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSI... | | |
CVE-2022-29774 | iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.... | E | |
CVE-2022-29775 | iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.... | | |
CVE-2022-29776 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a... | E S | |
CVE-2022-29777 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a... | E S | |
CVE-2022-29778 | D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-... | E | |
CVE-2022-29779 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_en... | E S | |
CVE-2022-29780 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_protot... | E S | |
CVE-2022-29784 | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sy... | E S | |
CVE-2022-29788 | libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. T... | S | |
CVE-2022-29789 | The HiAIserver has a vulnerability in verifying the validity of the properties used in the model. Suc... | | |
CVE-2022-29790 | The graphics acceleration service has a vulnerability in multi-thread access to the database. Success... | | |
CVE-2022-29791 | The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Success... | | |
CVE-2022-29792 | The chip component has a vulnerability of disclosing CPU SNs. Successful exploitation of this vulnera... | | |
CVE-2022-29793 | There is a configuration defect in the activation lock of mobile phones. Successful exploitation of t... | | |
CVE-2022-29794 | The frame scheduling module has a Use After Free (UAF) vulnerability. Successful exploitation of this... | | |
CVE-2022-29795 | The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of... | | |
CVE-2022-29796 | The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Success... | | |
CVE-2022-29797 | There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of t... | | |
CVE-2022-29798 | There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploi... | | |
CVE-2022-29799 | A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitize... | E S | |
CVE-2022-29800 | A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. ... | E | |
CVE-2022-29801 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.... | S | |
CVE-2022-29804 | Path traversal via Clean on Windows in path/filepath | | |
CVE-2022-29805 | A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 al... | E | |
CVE-2022-29806 | ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a ... | E S | |
CVE-2022-29807 | A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12... | | |
CVE-2022-29808 | In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs w... | | |
CVE-2022-29810 | The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.... | S | |
CVE-2022-29811 | In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.... | | |
CVE-2022-29812 | In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality ... | | |
CVE-2022-29813 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible... | | |
CVE-2022-29814 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON s... | | |
CVE-2022-29815 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible... | | |
CVE-2022-29816 | In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible... | | |
CVE-2022-29817 | In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was... | | |
CVE-2022-29818 | In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed... | | |
CVE-2022-29819 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was p... | | |
CVE-2022-29820 | In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possibl... | | |
CVE-2022-29821 | In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was... | | |
CVE-2022-29822 | Feathers - Improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection | | |
CVE-2022-29823 | Feathers - Query “__proto__” is converted to real prototype | | |
CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer... | E S | |
CVE-2022-29825 | Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.... | M | |
CVE-2022-29826 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions f... | M | |
CVE-2022-29827 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.0... | M | |
CVE-2022-29828 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.0... | M | |
CVE-2022-29829 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.0... | M | |
CVE-2022-29830 | Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.0... | M | |
CVE-2022-29831 | Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from ... | M | |
CVE-2022-29832 | Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporatio... | M | |
CVE-2022-29833 | Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 vers... | M | |
CVE-2022-29834 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICON... | | |
CVE-2022-29835 | WD Discovery's Use of Weak Hashing Algorithm for Code Signing | S | |
CVE-2022-29836 | Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API | S | |
CVE-2022-29837 | Path traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Devices | S | |
CVE-2022-29838 | Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices | S | |
CVE-2022-29839 | Remote Backups Application Discloses Stored Credentials | S | |
CVE-2022-29840 | Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices | S | |
CVE-2022-29841 | OS Command Injection vulnerability in Western Digital My Cloud devices | S | |
CVE-2022-29842 | Command Injection Vulnerability in Western Digital My Cloud devices | S | |
CVE-2022-29843 | Western Digital My Cloud OS 5 devices Command Injection Vulnerability | S | |
CVE-2022-29844 | Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp | S | |
CVE-2022-29845 | In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authentic... | | |
CVE-2022-29846 | In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthentic... | | |
CVE-2022-29847 | In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthent... | | |
CVE-2022-29848 | In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authentic... | | |
CVE-2022-29849 | In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdg... | S | |
CVE-2022-29850 | Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affecte... | | |
CVE-2022-29851 | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, a... | | |
CVE-2022-29852 | OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-freehand are not blocked.... | | |
CVE-2022-29853 | OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire M... | | |
CVE-2022-29854 | A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and e... | E | |
CVE-2022-29855 | Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A... | E | |
CVE-2022-29856 | A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA package... | E | |
CVE-2022-29858 | Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows p... | E S | |
CVE-2022-29859 | component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mish... | S | |
CVE-2022-29862 | An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause the appli... | S | |
CVE-2022-29863 | OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message th... | S | |
CVE-2022-29864 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large ... | S | |
CVE-2022-29865 | OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check v... | S | |
CVE-2022-29866 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a se... | S | |
CVE-2022-29868 | 1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Mal... | | |
CVE-2022-29869 | cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = ... | S | |
CVE-2022-29870 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29871 | Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow ... | | |
CVE-2022-29872 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29873 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29874 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29875 | A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD... | M | |
CVE-2022-29876 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29877 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29878 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29879 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29880 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29881 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29882 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29883 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions <... | S | |
CVE-2022-29884 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC8... | S | |
CVE-2022-29885 | EncryptInterceptor does not provide complete protection on insecure networks | S | |
CVE-2022-29886 | An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A spec... | E | |
CVE-2022-29887 | Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may ... | | |
CVE-2022-29888 | A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand... | E | |
CVE-2022-29889 | A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota A... | E | |
CVE-2022-29890 | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Sc... | | |
CVE-2022-29891 | Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remo... | | |
CVE-2022-29892 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote aut... | | |
CVE-2022-29893 | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12... | | |
CVE-2022-29894 | Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file uploa... | | |
CVE-2022-29895 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29896 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29897 | Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT | | |
CVE-2022-29898 | Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT | | |
CVE-2022-29899 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-29900 | Mis-trained branch predictions for return instructions may allow arbitrary speculative code executio... | | |
CVE-2022-29901 | Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed) | | |
CVE-2022-29903 | The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae... | E S | |
CVE-2022-29904 | The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53... | E S | |
CVE-2022-29905 | The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4... | E S | |
CVE-2022-29906 | The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa116... | E S | |
CVE-2022-29907 | The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allow... | E S | |
CVE-2022-29908 | The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalat... | | |
CVE-2022-29909 | Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to... | | |
CVE-2022-29910 | When closed or sent to the background, Firefox for Android would not properly record and persist HST... | E | |
CVE-2022-29911 | An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-acti... | | |
CVE-2022-29912 | Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This... | E | |
CVE-2022-29913 | The parent process would not properly check whether the Speech Synthesis feature is enabled, when re... | | |
CVE-2022-29914 | When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI... | | |
CVE-2022-29915 | The Performance API did not properly hide the fact whether a request cross-origin resource has obser... | E | |
CVE-2022-29916 | Firefox behaved slightly differently for already known resources when loading CSS resources involvin... | E | |
CVE-2022-29917 | Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team report... | E | |
CVE-2022-29918 | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safet... | | |
CVE-2022-29919 | Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated us... | | |
CVE-2022-29920 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29921 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29922 | A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ... | S | |
CVE-2022-29923 | WordPress Quick Restaurant Reservations plugin <= 1.4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-29924 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-29925 | Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphi... | | |
CVE-2022-29926 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-29927 | In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible... | | |
CVE-2022-29928 | In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible... | | |
CVE-2022-29929 | In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible... | | |
CVE-2022-29930 | SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed... | S | |
CVE-2022-29931 | The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 a... | | |
CVE-2022-29932 | The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to ob... | E | |
CVE-2022-29933 | Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid user... | E | |
CVE-2022-29934 | USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users... | E | |
CVE-2022-29935 | USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an ag... | E | |
CVE-2022-29936 | USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execut... | E | |
CVE-2022-29937 | USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent roo... | E | |
CVE-2022-29938 | In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\... | E | |
CVE-2022-29939 | In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\bi... | E | |
CVE-2022-29940 | In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface... | E | |
CVE-2022-29942 | Talend Administration Center has a vulnerability that allows an authenticated user to use the Servic... | | |
CVE-2022-29943 | Talend Administration Center has a vulnerability that allows an authenticated user to use XML Extern... | | |
CVE-2022-29944 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intent... | E | |
CVE-2022-29945 | DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operat... | | |
CVE-2022-29946 | NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to... | | |
CVE-2022-29947 | Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vu... | S | |
CVE-2022-29948 | Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an auth... | E | |
CVE-2022-29950 | Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the ... | E | |
CVE-2022-29951 | JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protoco... | M | |
CVE-2022-29952 | Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utiliz... | M | |
CVE-2022-29953 | The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance... | M | |
CVE-2022-29957 | The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It... | | |
CVE-2022-29958 | JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated... | | |
CVE-2022-29959 | Emerson OpenBSI through 2022-04-29 mishandles credential storage. It is an engineering environment f... | M | |
CVE-2022-29960 | Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ... | | |
CVE-2022-29962 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misu... | | |
CVE-2022-29963 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misu... | | |
CVE-2022-29964 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misu... | | |
CVE-2022-29965 | The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misu... | | |
CVE-2022-29967 | static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.... | S | |
CVE-2022-29968 | An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks i... | S | |
CVE-2022-29969 | The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $... | E S | |
CVE-2022-29970 | Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static... | S | |
CVE-2022-29971 | An argument injection vulnerability in the browser-based authentication component of the Magnitude S... | | |
CVE-2022-29972 | An argument injection vulnerability in the browser-based authentication component of the Magnitude S... | | |
CVE-2022-29973 | relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the... | E | |
CVE-2022-29974 | AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer over... | | |
CVE-2022-29975 | An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.... | | |
CVE-2022-29976 | An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22... | | |
CVE-2022-29977 | There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixe... | E | |
CVE-2022-29978 | There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2... | E | |
CVE-2022-29979 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=del... | E | |
CVE-2022-29980 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_... | E | |
CVE-2022-29981 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=dele... | E | |
CVE-2022-29982 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage... | E | |
CVE-2022-29983 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view... | E | |
CVE-2022-29984 | Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_... | E | |
CVE-2022-29985 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php... | E | |
CVE-2022-29986 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php... | E | |
CVE-2022-29987 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/m... | E | |
CVE-2022-29988 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php... | E | |
CVE-2022-29989 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php... | E | |
CVE-2022-29990 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/v... | E | |
CVE-2022-29992 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/m... | E | |
CVE-2022-29993 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/vie... | E | |
CVE-2022-29994 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facili... | E | |
CVE-2022-29995 | Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=client... | E | |
CVE-2022-29998 | Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?clien... | E | |
CVE-2022-29999 | Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_... | E | |