ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-31000 | CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend | E S | |
CVE-2022-31001 | Out-of-bounds Read in Sofia-SIP | E S | |
CVE-2022-31002 | Out-of-bounds Read in Sofia-SIP | E S | |
CVE-2022-31003 | Heap-based Buffer Overflow and Out-of-bounds Write in Sofia-SIP | E S | |
CVE-2022-31004 | Potential secrets being logged to disk in CVE Services | E | |
CVE-2022-31005 | Integer Overflow in Vapor's HTTP Range Request | E S | |
CVE-2022-31006 | Hyperledger Indy DOS vulnerability | S | |
CVE-2022-31007 | Privilege escalation from administrator in eLabFTW | | |
CVE-2022-31008 | Predictable credential obfuscation seed value used in rabbitmq-server | S | |
CVE-2022-31009 | DoS vulnerability: Invalid Accent Colors | S | |
CVE-2022-31011 | TiDB authentication bypass vulnerability | M | |
CVE-2022-31012 | Git for Windows' installer can be tricked into executing an untrusted binary | M | |
CVE-2022-31013 | Authentication bypass in Vartalap chat-server | S | |
CVE-2022-31014 | SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server | E S | |
CVE-2022-31015 | Uncaught Exception (due to a data race) leads to process termination in Waitress | E S | |
CVE-2022-31016 | Argo CD vulnerable to Uncontrolled Memory Consumption | S | |
CVE-2022-31017 | Expression Always True vulnerability in Zulip Server | | |
CVE-2022-31018 | Denial of service binding form from JSON in Play Framework | S | |
CVE-2022-31019 | DoS Vulnerability in URLEncodedFormDecoder in Vapor | E S | |
CVE-2022-31020 | Remote code execution in Indy's NODE_UPGRADE transaction | S | |
CVE-2022-31021 | Unlinkability broken in ursa when verifiers use malicious keys | E | |
CVE-2022-31022 | Missing Role Based Access Control for the REST handlers in bleve/http package | S | |
CVE-2022-31023 | Dev error stack trace leaking into prod in Play Framework | S | |
CVE-2022-31024 | Federated editing allows iframing remote servers by default in richdocuments | S | |
CVE-2022-31025 | Invite bypasses user approval in Discourse | S | |
CVE-2022-31026 | Use of Uninitialized Variable in trilogy | S | |
CVE-2022-31027 | Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator | | |
CVE-2022-31028 | Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO | E S | |
CVE-2022-31029 | Authenticated XSS in Pi-hole AdminLTE | S | |
CVE-2022-31030 | containerd CRI plugin: Host memory exhaustion through ExecSync | | |
CVE-2022-31031 | Potential stack buffer overflow when parsing message as a STUN client | S | |
CVE-2022-31032 | Resources of private projects can be exposed in Tuleap | S | |
CVE-2022-31033 | Authorization header leak in rubygem Mechanize | S | |
CVE-2022-31034 | Insecure entropy in argo-cd | S | |
CVE-2022-31035 | External URLs for Deployments can include javascript in argo-cd | S | |
CVE-2022-31036 | Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server | S | |
CVE-2022-31037 | OroCommerce vulnerable to Cross-site Scripting via Shipping rule editing page | | |
CVE-2022-31038 | XSS vulnerability in repository issue list in Gogs | S | |
CVE-2022-31039 | Improper privilege management - Anyone can view room settings in GreenLight | S | |
CVE-2022-31040 | Open Redirect in open-forms | S | |
CVE-2022-31041 | Insufficient content-type validation for uploaded files in open-forms | S | |
CVE-2022-31042 | Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle | S | |
CVE-2022-31043 | Fix failure to strip Authorization header on HTTP downgrade in Guzzle | S | |
CVE-2022-31044 | Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation | M | |
CVE-2022-31045 | Ill-formed headers may lead to unexpected behavior in Istio | | |
CVE-2022-31046 | Information Disclosure via Export Module in TYPO3 CMS | S | |
CVE-2022-31047 | Insertion of Sensitive Information into Log File in typo3/cms-core | S | |
CVE-2022-31048 | Cross-Site Scripting in Form Framework | S | |
CVE-2022-31049 | Cross-Site Scripting in Frontend Login Mailer | S | |
CVE-2022-31050 | Insufficient Session Expiration in TYPO3 Admin Tool | S | |
CVE-2022-31051 | Exposure of Sensitive Information to an Unauthorized Actor in semantic-release | S | |
CVE-2022-31052 | URL previews can crash Synapse media repositories or Synapse monoliths | S | |
CVE-2022-31053 | Signature forgery in Biscuit | E | |
CVE-2022-31054 | Uses of deprecated API can be used to cause DoS in user-facing endpoints in Argo Events | S | |
CVE-2022-31055 | Improper Access Control in kctf | S | |
CVE-2022-31056 | SQL injection with _actor parameter in GLPI | | |
CVE-2022-31057 | Authenticated Stored XSS in Shopware Administration | S | |
CVE-2022-31058 | SQL injection via the field name of a tracker in Tuleap | S | |
CVE-2022-31059 | Discourse Calendar Event names susceptible to Cross-site Scripting | S | |
CVE-2022-31060 | Banner topic data is exposed on login-required Discourse sites | S | |
CVE-2022-31061 | SQL injection on login page in GLPI | S | |
CVE-2022-31062 | Unauthenticated Local File Inclusion | | |
CVE-2022-31063 | Cross site scripting via the title of a document in Tuleap | S | |
CVE-2022-31064 | Cross site scripting in username that will trigger by sending chat | E S | |
CVE-2022-31065 | Cross site scripting vulnerability for private chat in bigbluebutton | S | |
CVE-2022-31066 | Configuration API in EdgeXFoundry exposes message bus credentials to local unauthenticated users | S | |
CVE-2022-31068 | Sensitive Data Exposure on Refused Inventory Files in GLPI | S | |
CVE-2022-31069 | Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy | S | |
CVE-2022-31070 | Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy | S | |
CVE-2022-31071 | Octopoller gem published with world-writable files | S | |
CVE-2022-31072 | Octokit gem published with world-writable files | S | |
CVE-2022-31073 | KubeEdge Edge ServiceBus module DoS | E S | |
CVE-2022-31074 | KubeEdge Cloud AdmissionController component DoS | | |
CVE-2022-31075 | KubeEdge DoS when signing the CSR from EdgeCore | | |
CVE-2022-31076 | Malicious Message can crash CloudCore in KubeEdge | E S | |
CVE-2022-31077 | Malicious response from KubeEdge can crash CSI Driver controller server | S | |
CVE-2022-31078 | KubeEdge CloudCore Router memory exhaustion | | |
CVE-2022-31079 | KubeEdge Cloud Stream and Edge Stream DoS from large stream message | | |
CVE-2022-31080 | KubeEdge Websocket Client in package Viaduct: DoS from large response message | | |
CVE-2022-31081 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon | E S | |
CVE-2022-31082 | SQL Injection via package deployment tasks in glpi-inventory-plugin | S | |
CVE-2022-31083 | Authentication bypass in Parse Server Apple Game Center auth adapter | S | |
CVE-2022-31084 | Unauthenticated Remote Code Execution in ldap-account-manager | E S | |
CVE-2022-31085 | Missing Encryption of Sensitive Data in ldap-account-manager | S | |
CVE-2022-31086 | Incorrect Regular Expressions in ldap-account-manager | S | |
CVE-2022-31087 | Incorrect Default Permissions in ldap-account-manager | S | |
CVE-2022-31088 | Unauthenticated LDAP Injection in ldap-account-manager | S | |
CVE-2022-31089 | Invalid file request can crash parse-server | S | |
CVE-2022-31090 | CURLOPT_HTTPAUTH option not cleared on change of origin in Guzzle | S | |
CVE-2022-31091 | Change in port should be considered a change in origin in Guzzle | S | |
CVE-2022-31092 | SQL injection in pimcore | E S | |
CVE-2022-31093 | Improper Handling of `callbackUrl` parameter in next-auth | S | |
CVE-2022-31094 | Cross site scripting vulnerability in ScratchTools | S | |
CVE-2022-31095 | Exposure of Sensitive Information in discourse-chat | | |
CVE-2022-31096 | Invites restricted to an email or invite links restricted to an email domain may be bypassed by a under certain conditions in Discourse | | |
CVE-2022-31097 | Stored XSS in Grafana's Unified Alerting | | |
CVE-2022-31098 | Weave GitOps leaked cluster credentials into logs on connection errors | S | |
CVE-2022-31099 | Uncontrolled Recursion in rulex | S | |
CVE-2022-31100 | Reachable Assertion in rulex | S | |
CVE-2022-31101 | SQL Injection in prestashop/blockwishlist | E S | |
CVE-2022-31102 | Cross-site Scripting for Argo CD single sign on users | | |
CVE-2022-31103 | Improper handling of CSS at-rules in lettersanitizer | S | |
CVE-2022-31104 | Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime | S | |
CVE-2022-31105 | Argo CD's certificate verification is skipped for connections to OIDC providers | | |
CVE-2022-31106 | Prototype Pollution in underscore.deep | E S | |
CVE-2022-31107 | Grafana account takeover via OAuth vulnerability | | |
CVE-2022-31108 | Arbitrary `CSS` injection into the generated graph affecting the container HTML in mermaid.js | E S | |
CVE-2022-31109 | HTTP Host Header Attack Vulnerability in laminas-diactoros | S | |
CVE-2022-31110 | Denial of Service (DoS) vulnerability in RSSHub | E S | |
CVE-2022-31111 | Discrepancy in transfer value and actual value due to incorrect truncation in Frontier | S | |
CVE-2022-31112 | Protected fields exposed via LiveQuery in parse-server | S | |
CVE-2022-31113 | Cross-Site Scripting in Canarytoken history | S | |
CVE-2022-31115 | Unsafe YAML deserialization in opensearch-ruby | E S | |
CVE-2022-31116 | Incorrect handling of invalid surrogate pair characters in ujson | E S | |
CVE-2022-31117 | Double free of buffer during string decoding in ujson | S | |
CVE-2022-31118 | Missing brute force protection on cloud federation sharing in Nextcloud Server | S | |
CVE-2022-31119 | Password disclosure in log file in Nextcloud Mail App | S | |
CVE-2022-31120 | Federated share accepting/declining is not logged in audit log in Nextcloud Server | S | |
CVE-2022-31121 | Improper Input Validation in fabric hyperledger | S | |
CVE-2022-31122 | Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation | | |
CVE-2022-31123 | Grafana plugin signature bypass vulnerability | S | |
CVE-2022-31124 | Possible leak of key's raw field if declared length is incorrect in openssh_key_parser | E S | |
CVE-2022-31125 | Authentication Bypass in Roxy-wi | | |
CVE-2022-31126 | Unauthenticated Remote Code Execution in Roxy-wi | | |
CVE-2022-31127 | Improper handling of email input in next-auth | E S | |
CVE-2022-31128 | Fine grained permissions are not checked in Tuleap | S | |
CVE-2022-31129 | Inefficient Regular Expression Complexity in moment | E S | |
CVE-2022-31130 | Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins | S | |
CVE-2022-31131 | Ownership check missing when updating or deleting mail attachments in Nextcloud mail | E S | |
CVE-2022-31132 | Unauthenticated SSRF in 3rd party module "cerdic/csstidy" | | |
CVE-2022-31133 | Cross site scripting in HumHub | S | |
CVE-2022-31134 | Zulip Server public data export contains attachments that are non-public | | |
CVE-2022-31135 | Maliciously crafted evidence packet may cause denial of service | S | |
CVE-2022-31136 | Cross-site Scripting in BookWyrm | S | |
CVE-2022-31137 | Unauthenticated Remote Code Execution in Roxy-WI | E S | |
CVE-2022-31138 | OS Command Injection in mailcow | E S | |
CVE-2022-31139 | No security checking for UnsafeAccess.getInstance() in UnsafeAccessor | S | |
CVE-2022-31140 | Valinor error messages leading to potential data exfiltration | E | |
CVE-2022-31142 | Potential Timing Attack Vector in @fastify/bearer-auth | S | |
CVE-2022-31143 | Leak of sensitive information through login page error in GLPI | S | |
CVE-2022-31144 | Potential heap overflow in Redis | | |
CVE-2022-31145 | Insufficient AccessToken Expiration Check in FlyteAdmin | S | |
CVE-2022-31146 | Use After Free in Wasmtime | M | |
CVE-2022-31147 | jquery-validation ReDoS in url2 due to incomplete fix of CVE-2021-43306 | S | |
CVE-2022-31148 | Persistent cross site scripting in customer module in Shopware | S | |
CVE-2022-31149 | ActivityWatch vulnerable to DNS rebinding attack | E | |
CVE-2022-31150 | CRLF injection in request headers | E | |
CVE-2022-31151 | Uncleared cookies on cross-host/cross-origin redirect in undici | E | |
CVE-2022-31152 | Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules | S | |
CVE-2022-31153 | OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli | E S | |
CVE-2022-31154 | Indirect Object Access in Sourcegraph Code Monitoring | S | |
CVE-2022-31155 | Unauthorized overwriting of saved searches in Sourcegraph | S | |
CVE-2022-31156 | Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed | | |
CVE-2022-31157 | Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library | | |
CVE-2022-31158 | Authentication Bypass by Capture-replay in packbackbooks/lti-1-3-php-library | | |
CVE-2022-31159 | Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 | E | |
CVE-2022-31160 | jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label | E S | |
CVE-2022-31161 | Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload | | |
CVE-2022-31162 | Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs | | |
CVE-2022-31163 | TZInfo relative path traversal vulnerability allows loading of arbitrary files | E S | |
CVE-2022-31164 | Tovy before v0.7.51 vulnerable to users logging in as and impersonating other users | S | |
CVE-2022-31166 | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups | E S | |
CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference | E | |
CVE-2022-31168 | Zulip Server insufficient authorization for changing bot roles | S | |
CVE-2022-31169 | Cranelift vulnerable to miscompilation of constant values in division on AArch64 | S | |
CVE-2022-31170 | OpenZeppelin Contracts's ERC165Checker may revert instead of returning false | S | |
CVE-2022-31171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-31159. Reason: This candidat... | R | |
CVE-2022-31172 | OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers | S | |
CVE-2022-31173 | Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow | E S | |
CVE-2022-31175 | Cross-site scripting caused by the editor instance destroying process in ckeditor5 | | |
CVE-2022-31176 | Grafana Image Renderer leaking files | S | |
CVE-2022-31177 | Possible to infer sensitive information through query strings in Flask-AppBuilder | | |
CVE-2022-31178 | Improper Authorization in eLabFTW | | |
CVE-2022-31179 | Insufficient escaping of line feeds for CMD in shescape | E S | |
CVE-2022-31180 | Insufficient escaping of whitespace in shescape | E S | |
CVE-2022-31181 | Remote code execution in prestashop | S | |
CVE-2022-31182 | Cache poisoning via maliciously-formed request in Discourse | S | |
CVE-2022-31183 | mTLS client verification is skipped in fs2 on Node.js | E S | |
CVE-2022-31184 | Email activation route can be abused by spammers in Discourse | S | |
CVE-2022-31185 | Email addresses are not hidden regardless of selected state in mprweb | S | |
CVE-2022-31186 | Leakage of excessive information into log in next-auth | | |
CVE-2022-31187 | Stored Cross Site Scripting (XSS) through global search in GLPI | S | |
CVE-2022-31188 | Server-Side Request Forgery Vulnerability in Computer Vision Annotation Tool (CVAT) | E S | |
CVE-2022-31189 | "Internal System Error" page in DSpace JSPUI prints exceptions and stack traces without sanitization | S | |
CVE-2022-31190 | Metadata of withdrawn Items is exposed to anonymous users in DSpace XMLUI | S | |
CVE-2022-31191 | Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools | S | |
CVE-2022-31192 | Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature | S | |
CVE-2022-31193 | URL Redirection to Untrusted Site in DSpace JSPUI | S | |
CVE-2022-31194 | Path traversal vulnerabilities in DSpace JSPUI submission upload | S | |
CVE-2022-31195 | Path traversal vulnerability in Simple Archive Format package import in DSpace | S | |
CVE-2022-31196 | Server-Side Request Forgery (SSRF) vulnerability in Databasir | E S | |
CVE-2022-31197 | SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc | E S | |
CVE-2022-31198 | GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals in @openzeppelin/contracts | S | |
CVE-2022-31199 | Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording com... | KEV E | |
CVE-2022-31200 | Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad... | | |
CVE-2022-31201 | SoftGuard Web (SGW) before 5.1.5 allows HTML injection.... | E | |
CVE-2022-31202 | The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitr... | E | |
CVE-2022-31204 | Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feat... | | |
CVE-2022-31205 | In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the... | | |
CVE-2022-31206 | The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2... | | |
CVE-2022-31207 | The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lac... | | |
CVE-2022-31208 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can ex... | | |
CVE-2022-31209 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overf... | | |
CVE-2022-31210 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set... | | |
CVE-2022-31211 | An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by d... | E | |
CVE-2022-31212 | An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus s... | E S | |
CVE-2022-31213 | An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found wh... | E S | |
CVE-2022-31214 | A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus... | S | |
CVE-2022-31215 | In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent u... | E | |
CVE-2022-31216 | Drive Composer Link Following Local Privilege Escalation Vulnerability | S | |
CVE-2022-31217 | Drive Composer Link Following Local Privilege Escalation Vulnerability | S | |
CVE-2022-31218 | Drive Composer Link Following Local Privilege Escalation Vulnerability | S | |
CVE-2022-31219 | Drive Composer Link Following Local Privilege Escalation Vulnerability | S | |
CVE-2022-31220 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administra... | | |
CVE-2022-31221 | Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrato... | S | |
CVE-2022-31222 | Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A l... | S | |
CVE-2022-31223 | Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authentica... | S | |
CVE-2022-31224 | Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. ... | S | |
CVE-2022-31225 | Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administra... | S | |
CVE-2022-31226 | Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malici... | S | |
CVE-2022-31227 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-31228 | Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthen... | S | |
CVE-2022-31229 | Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. A... | | |
CVE-2022-31230 | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remo... | | |
CVE-2022-31232 | SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unau... | | |
CVE-2022-31233 | Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adj... | S | |
CVE-2022-31234 | Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnera... | S | |
CVE-2022-31237 | Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper p... | | |
CVE-2022-31238 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, ... | | |
CVE-2022-31239 | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain s... | S | |
CVE-2022-31242 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-31243 | DMA transactions which are targeted at input buffers used for the softw... | | |
CVE-2022-31244 | Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.... | | |
CVE-2022-31245 | mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privil... | E S | |
CVE-2022-31246 | paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment requ... | | |
CVE-2022-31247 | Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) | E M | |
CVE-2022-31248 | SUMA user enumeration via weak error message | E | |
CVE-2022-31249 | [RANCHER] OS command injection in Rancher and Fleet | | |
CVE-2022-31250 | keylime %post scriptlet allows for privilege escalation from keylime user to root | E | |
CVE-2022-31251 | slurm: %post for slurm-testsuite operates as root in user owned directory | E | |
CVE-2022-31252 | permissions: chkstat does not check for group-writable parent directories or target files in safeOpen() | | |
CVE-2022-31253 | openldap2: /usr/lib/openldap/start allows ldap user/group to recursively chown arbitrary directory trees to itself | E | |
CVE-2022-31254 | rmt-server-pubcloud allows to escalate from user _rmt to root | E | |
CVE-2022-31255 | SUMA/UYUNI directory path traversal vulnerability in CobblerSnipperViewAction | | |
CVE-2022-31256 | sendmail: mail to root privilege escalation via sm-client.pre script | | |
CVE-2022-31257 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31),... | S | |
CVE-2022-31258 | In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate... | | |
CVE-2022-31259 | The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass acce... | E S | |
CVE-2022-31260 | In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers... | E S | |
CVE-2022-31261 | An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack ... | | |
CVE-2022-31262 | An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insuffic... | E | |
CVE-2022-31263 | app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.... | S | |
CVE-2022-31264 | Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. e... | E | |
CVE-2022-31265 | The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to ex... | E | |
CVE-2022-31266 | In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) all... | | |
CVE-2022-31267 | Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be pl... | E | |
CVE-2022-31268 | A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//..... | E | |
CVE-2022-31269 | Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that al... | E | |
CVE-2022-31273 | An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perfor... | | |
CVE-2022-31277 | Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers t... | E | |
CVE-2022-31279 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-31282 | Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /So... | E | |
CVE-2022-31285 | An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h... | E | |
CVE-2022-31287 | An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp... | E | |
CVE-2022-31289 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-31290 | A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers... | E | |
CVE-2022-31291 | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free v... | S | |
CVE-2022-31294 | An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attac... | E | |
CVE-2022-31295 | An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated atta... | E | |
CVE-2022-31296 | Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the... | | |
CVE-2022-31298 | A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to ex... | | |
CVE-2022-31299 | Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Use... | E | |
CVE-2022-31300 | A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to e... | | |
CVE-2022-31301 | Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post A... | | |
CVE-2022-31302 | maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server G... | E | |
CVE-2022-31303 | maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server ... | E | |
CVE-2022-31306 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_conver... | E S | |
CVE-2022-31307 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offse... | E S | |
CVE-2022-31308 | A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to o... | E | |
CVE-2022-31309 | A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to... | E | |
CVE-2022-31311 | An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitra... | E | |
CVE-2022-31313 | api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.... | | |
CVE-2022-31321 | The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing a... | | |
CVE-2022-31322 | Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via ... | | |
CVE-2022-31324 | An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems ... | | |
CVE-2022-31325 | There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/Why... | E | |
CVE-2022-31327 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/index.php?q=prod... | E | |
CVE-2022-31328 | Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view... | E | |
CVE-2022-31329 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loa... | E | |
CVE-2022-31335 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?vi... | E | |
CVE-2022-31336 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php... | E | |
CVE-2022-31337 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?v... | E | |
CVE-2022-31338 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=... | E | |
CVE-2022-31339 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php.... | E | |
CVE-2022-31340 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.... | E | |
CVE-2022-31342 | Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f... | E | |
CVE-2022-31343 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/v... | E | |
CVE-2022-31344 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=d... | E | |
CVE-2022-31345 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manag... | E | |
CVE-2022-31346 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=d... | E | |
CVE-2022-31347 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=d... | E | |
CVE-2022-31348 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_... | E | |
CVE-2022-31350 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_... | E | |
CVE-2022-31351 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_... | E | |
CVE-2022-31352 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_s... | E | |
CVE-2022-31353 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_se... | E | |
CVE-2022-31354 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=g... | E | |
CVE-2022-31355 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/... | E | |
CVE-2022-31356 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/... | E | |
CVE-2022-31357 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/... | E | |
CVE-2022-31358 | A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 ... | E S | |
CVE-2022-31361 | Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. N... | E M | |
CVE-2022-31362 | Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnera... | E M | |
CVE-2022-31363 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affe... | E | |
CVE-2022-31364 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affe... | E | |
CVE-2022-31366 | An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3... | E | |
CVE-2022-31367 | Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.... | E | |
CVE-2022-31372 | Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile ... | S | |
CVE-2022-31373 | SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the ... | E | |
CVE-2022-31374 | An arbitrary file upload vulnerability in /images/background/1.php of SolarView Compact 6.0 allows a... | E | |
CVE-2022-31382 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the sea... | E | |
CVE-2022-31383 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the edi... | E | |
CVE-2022-31384 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the ful... | E | |
CVE-2022-31386 | A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers t... | E | |
CVE-2022-31390 | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the... | E | |
CVE-2022-31393 | Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the... | E | |
CVE-2022-31394 | Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in... | E S | |
CVE-2022-31395 | Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perf... | E | |
CVE-2022-31398 | A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows ... | E | |
CVE-2022-31400 | A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allow... | E | |
CVE-2022-31402 | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservic... | E | |
CVE-2022-31403 | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/aja... | E | |
CVE-2022-31405 | MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.... | E | |
CVE-2022-31414 | D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in ... | | |
CVE-2022-31415 | Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GE... | E | |
CVE-2022-31446 | Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (R... | E | |
CVE-2022-31447 | An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sen... | E | |
CVE-2022-31454 | Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint ... | | |
CVE-2022-31455 | A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrar... | | |
CVE-2022-31456 | A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary ... | | |
CVE-2022-31457 | RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the en... | | |
CVE-2022-31458 | RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning.... | | |
CVE-2022-31459 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 valu... | E | |
CVE-2022-31460 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot c... | E | |
CVE-2022-31461 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a... | E | |
CVE-2022-31462 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derive... | E | |
CVE-2022-31463 | Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only clien... | E | |
CVE-2022-31464 | Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate pri... | E | |
CVE-2022-31465 | A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13)... | | |
CVE-2022-31466 | TOCTOU Vulnerability in Quick Heal Total Security | | |
CVE-2022-31467 | DLL Hijacking Vulnerability in Quick Heal Total Security | | |
CVE-2022-31468 | OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len... | | |
CVE-2022-31469 | OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for... | E | |
CVE-2022-31470 | An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebM... | | |
CVE-2022-31471 | untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earl... | | |
CVE-2022-31472 | Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote a... | | |
CVE-2022-31473 | BIG-IP APM Appliance mode vulnerability CVE-2022-31473 | | |
CVE-2022-31474 | WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal | S | |
CVE-2022-31475 | WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability | S | |
CVE-2022-31476 | Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authentica... | S | |
CVE-2022-31477 | Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potential... | S | |
CVE-2022-31478 | The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search f... | | |
CVE-2022-31479 | Remote Code Execution via command injection of the hostname | S | |
CVE-2022-31480 | Unauthenticated Firmware Upload and Arbitrary Reboot | S | |
CVE-2022-31481 | Remote Code Execution via buffer overflow in firmware update process | S | |
CVE-2022-31482 | Denial-of-Service via internal structure overflow | S | |
CVE-2022-31483 | Arbitrary file write via authenticated OSDP file upload | S | |
CVE-2022-31484 | User Account Deletion Unauthenticated | S | |
CVE-2022-31485 | Unauthenticated homepage note modification | S | |
CVE-2022-31486 | Command injection via Advanced Networking route add functionality | S | |
CVE-2022-31487 | Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView... | E | |
CVE-2022-31488 | Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL... | E | |
CVE-2022-31489 | Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injectio... | E | |
CVE-2022-31492 | Cross Site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergr... | E | |
CVE-2022-31493 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.... | E | |
CVE-2022-31494 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.... | E | |
CVE-2022-31495 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.... | E | |
CVE-2022-31496 | LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.... | E | |
CVE-2022-31497 | LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.... | | |
CVE-2022-31498 | LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.... | E | |
CVE-2022-31499 | Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject O... | E | |
CVE-2022-31500 | In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions.... | | |
CVE-2022-31501 | The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal beca... | E S | |
CVE-2022-31502 | The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal becaus... | E S | |
CVE-2022-31503 | The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the... | E S | |
CVE-2022-31504 | The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute pat... | E S | |
CVE-2022-31505 | The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal ... | E | |
CVE-2022-31506 | The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal becau... | E S | |
CVE-2022-31507 | The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the F... | E S | |
CVE-2022-31508 | The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because th... | E S | |
CVE-2022-31509 | The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal becau... | E | |
CVE-2022-31510 | The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal be... | E S | |
CVE-2022-31511 | The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal becau... | E | |
CVE-2022-31512 | The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because ... | E | |
CVE-2022-31513 | The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because ... | E | |
CVE-2022-31514 | The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal... | E | |
CVE-2022-31515 | The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Fl... | E | |
CVE-2022-31516 | The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because ... | E | |
CVE-2022-31517 | The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because t... | E | |
CVE-2022-31518 | The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allo... | E | |
CVE-2022-31519 | The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the... | E | |
CVE-2022-31520 | The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path tra... | E | |
CVE-2022-31521 | The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because t... | E | |
CVE-2022-31522 | The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because... | E | |
CVE-2022-31523 | The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because th... | E | |
CVE-2022-31524 | The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversa... | E | |
CVE-2022-31525 | The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flas... | E | |
CVE-2022-31526 | The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal be... | E | |
CVE-2022-31527 | The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal ... | E | |
CVE-2022-31528 | The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute p... | E | |
CVE-2022-31529 | The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal be... | E | |
CVE-2022-31530 | The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask se... | E | |
CVE-2022-31531 | The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Fl... | E | |
CVE-2022-31532 | The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal b... | E | |
CVE-2022-31533 | The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal beca... | E | |
CVE-2022-31534 | The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal be... | E | |
CVE-2022-31535 | The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal becau... | E | |
CVE-2022-31536 | The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal be... | E | |
CVE-2022-31537 | The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path t... | E | |
CVE-2022-31538 | The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path trave... | E | |
CVE-2022-31539 | The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the ... | E | |
CVE-2022-31540 | The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path t... | E | |
CVE-2022-31541 | The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path trave... | E | |
CVE-2022-31542 | The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the... | E | |
CVE-2022-31543 | The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the ... | E | |
CVE-2022-31544 | The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask... | E | |
CVE-2022-31545 | The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal b... | E | |
CVE-2022-31546 | The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the... | E | |
CVE-2022-31547 | The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal becaus... | E | |
CVE-2022-31548 | The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because ... | E | |
CVE-2022-31549 | The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal ... | E S | |
CVE-2022-31550 | The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal bec... | E | |
CVE-2022-31551 | The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversa... | E | |
CVE-2022-31552 | The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path trav... | E | |
CVE-2022-31553 | The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal ... | E | |
CVE-2022-31554 | The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolu... | E | |
CVE-2022-31555 | The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal be... | E | |
CVE-2022-31556 | The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path travers... | E | |
CVE-2022-31557 | The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the ... | | |
CVE-2022-31558 | The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because t... | | |
CVE-2022-31559 | The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal becau... | | |
CVE-2022-31560 | The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal becau... | | |
CVE-2022-31561 | The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path tr... | | |
CVE-2022-31562 | The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal ... | | |
CVE-2022-31563 | The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the... | | |
CVE-2022-31564 | The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal becau... | S | |
CVE-2022-31565 | The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because t... | | |
CVE-2022-31566 | The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because t... | | |
CVE-2022-31567 | The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Fl... | E | |
CVE-2022-31568 | The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because t... | E | |
CVE-2022-31569 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-31570 | The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path ... | | |
CVE-2022-31571 | The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute pat... | E | |
CVE-2022-31572 | The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal becaus... | E | |
CVE-2022-31573 | The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal b... | E | |
CVE-2022-31574 | The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversa... | E | |
CVE-2022-31575 | The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal b... | E | |
CVE-2022-31576 | The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traver... | E | |
CVE-2022-31577 | The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path tra... | | |
CVE-2022-31578 | The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal becau... | E | |
CVE-2022-31579 | The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal becaus... | | |
CVE-2022-31580 | The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traver... | E | |
CVE-2022-31581 | The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because th... | E | |
CVE-2022-31582 | The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal becau... | E | |
CVE-2022-31583 | The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path... | E | |
CVE-2022-31584 | The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal becaus... | E | |
CVE-2022-31585 | The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path trave... | E | |
CVE-2022-31586 | The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path... | E | |
CVE-2022-31587 | The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path trav... | E | |
CVE-2022-31588 | The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal beca... | E | |
CVE-2022-31589 | Due to improper authorization check, business users who are using Israeli File from SHAAM program (/... | | |
CVE-2022-31590 | SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access,... | | |
CVE-2022-31591 | SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an un... | | |
CVE-2022-31592 | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,6... | | |
CVE-2022-31593 | SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that c... | | |
CVE-2022-31594 | A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local... | | |
CVE-2022-31595 | SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an a... | | |
CVE-2022-31596 | Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges ... | | |
CVE-2022-31597 | Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application bus... | | |
CVE-2022-31598 | Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated at... | | |
CVE-2022-31599 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated priv... | | |
CVE-2022-31600 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges ... | | |
CVE-2022-31601 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privile... | | |
CVE-2022-31602 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privil... | | |
CVE-2022-31603 | NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges... | | |
CVE-2022-31604 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where T... | | |
CVE-2022-31605 | NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are... | | |
CVE-2022-31606 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-31607 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), w... | S | |
CVE-2022-31608 | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file... | S | |
CVE-2022-31609 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it all... | S | |
CVE-2022-31610 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-31611 | NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client inst... | | |
CVE-2022-31612 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-31613 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any l... | S | |
CVE-2022-31614 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may ... | S | |
CVE-2022-31615 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local... | S | |
CVE-2022-31616 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-31617 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy... | S | |
CVE-2022-31618 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can... | S | |
CVE-2022-31619 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.... | S | |
CVE-2022-31620 | In libjpeg before 1.64, BitStream | E S | |
CVE-2022-31621 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, ... | S | |
CVE-2022-31622 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, ... | S | |
CVE-2022-31623 | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, ... | S | |
CVE-2022-31624 | MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_aud... | S | |
CVE-2022-31625 | Freeing unallocated memory in php_pgsql_free_params() | E S | |
CVE-2022-31626 | mysqlnd/pdo password buffer overflow | E S | |
CVE-2022-31627 | Heap buffer overflow in finfo_buffer | E S | |
CVE-2022-31628 | phar wrapper can occur dos when using quine gzip file | S | |
CVE-2022-31629 | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities | E S | |
CVE-2022-31630 | OOB read due to insufficient input validation in imageloadfont() | E S | |
CVE-2022-31631 | PDO::quote() may return unquoted string | | |
CVE-2022-31635 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for... | | |
CVE-2022-31636 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for... | | |
CVE-2022-31637 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for... | | |
CVE-2022-31638 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for... | | |
CVE-2022-31639 | Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for... | | |
CVE-2022-31640 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which m... | | |
CVE-2022-31641 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which m... | | |
CVE-2022-31642 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which m... | | |
CVE-2022-31643 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products... | | |
CVE-2022-31644 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which m... | | |
CVE-2022-31645 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which m... | | |
CVE-2022-31646 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which m... | | |
CVE-2022-31647 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destro... | | |
CVE-2022-31648 | Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SS... | | |
CVE-2022-31649 | ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Tra... | | |
CVE-2022-31650 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.... | E | |
CVE-2022-31651 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.... | E | |
CVE-2022-31654 | VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnera... | S | |
CVE-2022-31655 | VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnera... | S | |
CVE-2022-31656 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypa... | S | |
CVE-2022-31657 | VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious ... | S | |
CVE-2022-31658 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code executio... | S | |
CVE-2022-31659 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A ma... | S | |
CVE-2022-31660 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalatio... | S | |
CVE-2022-31661 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalati... | S | |
CVE-2022-31662 | VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path tra... | S | |
CVE-2022-31663 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site... | S | |
CVE-2022-31664 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation... | S | |
CVE-2022-31665 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code executio... | S | |
CVE-2022-31666 | Harbor fails to validate user permissions while viewing, updating and deleting Webhook policies | | |
CVE-2022-31667 | Harbor fails to validate the user permissions when updating a robot account | | |
CVE-2022-31668 | User permission validation failure and disclosure of P2P preheat execution logs | | |
CVE-2022-31669 | Harbor fails to validate the user permissions when updating tag immutability policies | | |
CVE-2022-31670 | Harbor fails to validate the user permissions when updating tag retention policies | | |
CVE-2022-31671 | Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs | | |
CVE-2022-31672 | VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with adm... | S | |
CVE-2022-31673 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malici... | S | |
CVE-2022-31674 | VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malici... | S | |
CVE-2022-31675 | VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malic... | S | |
CVE-2022-31676 | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A mali... | S | |
CVE-2022-31677 | An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0).... | | |
CVE-2022-31678 | VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x inst... | | |
CVE-2022-31679 | Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0... | | |
CVE-2022-31680 | The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services co... | E | |
CVE-2022-31681 | VMware ESXi contains a null-pointer dereference vulnerability. A malicious actor with privileges withi... | S | |
CVE-2022-31682 | VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with adminis... | | |
CVE-2022-31683 | Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A ... | E | |
CVE-2022-31684 | Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of inv... | | |
CVE-2022-31685 | VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malici... | S | |
CVE-2022-31686 | VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A ... | S | |
CVE-2022-31687 | VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicio... | S | |
CVE-2022-31688 | VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerabi... | S | |
CVE-2022-31689 | VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious ac... | S | |
CVE-2022-31690 | Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions... | M | |
CVE-2022-31691 | Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot... | | |
CVE-2022-31692 | Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authoriz... | M | |
CVE-2022-31693 | VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vu... | | |
CVE-2022-31694 | InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the install... | | |
CVE-2022-31696 | VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network s... | S | |
CVE-2022-31697 | The vCenter Server contains an information disclosure vulnerability due to the logging of credential... | | |
CVE-2022-31698 | The vCenter Server contains a denial-of-service vulnerability in the content library service. A mali... | | |
CVE-2022-31699 | VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileg... | | |
CVE-2022-31700 | VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vuln... | | |
CVE-2022-31701 | VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMwa... | | |
CVE-2022-31702 | vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST ... | S | |
CVE-2022-31703 | The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious... | | |
CVE-2022-31704 | The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated maliciou... | S | |
CVE-2022-31705 | VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0... | | |
CVE-2022-31706 | The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious... | S | |
CVE-2022-31707 | vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the ... | S | |
CVE-2022-31708 | vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the... | S | |
CVE-2022-31710 | vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor ca... | S | |
CVE-2022-31711 | VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can ... | S | |
CVE-2022-31733 | Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to ... | | |
CVE-2022-31734 | Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site s... | | |
CVE-2022-31735 | OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vul... | S | |
CVE-2022-31736 | A malicious website could have learned the size of a cross-origin resource that supported Range requ... | | |
CVE-2022-31737 | A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption ... | | |
CVE-2022-31738 | When exiting fullscreen mode, an iframe could have confused the browser about the current state of f... | | |
CVE-2022-31739 | When downloading files on Windows, the % character was not escaped, which could have led to a downl... | | |
CVE-2022-31740 | On arm64, WASM code could have resulted in incorrect assembly generation leading to a register alloc... | | |
CVE-2022-31741 | A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and ... | | |
CVE-2022-31742 | An attacker could have exploited a timing attack by sending a large number of allowCredential entrie... | | |
CVE-2022-31743 | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity wit... | | |
CVE-2022-31744 | An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:... | | |
CVE-2022-31745 | If array shift operations are not used, the Garbage Collector may have become confused about valid o... | | |
CVE-2022-31746 | Internal URLs are protected by a secret UUID key, which could have been leaked to web page through t... | | |
CVE-2022-31747 | Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memor... | | |
CVE-2022-31748 | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuz... | | |
CVE-2022-31749 | Authenticated arbitrary file read/write in WatchGuard Fireware OS | | |
CVE-2022-31751 | The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability m... | | |
CVE-2022-31752 | Missing authorization vulnerability in the system components. Successful exploitation of this vulner... | | |
CVE-2022-31753 | The voice wakeup module has a vulnerability of using externally-controlled format strings. Successfu... | | |
CVE-2022-31754 | Logical defects in code implementation in some products. Successful exploitation of this vulnerabili... | | |
CVE-2022-31755 | The communication module has a vulnerability of improper permission preservation. Successful exploit... | | |
CVE-2022-31756 | The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may ... | | |
CVE-2022-31757 | The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vuln... | | |
CVE-2022-31758 | The kernel module has the race condition vulnerability. Successful exploitation of this vulnerabilit... | | |
CVE-2022-31759 | AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vul... | | |
CVE-2022-31760 | Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services... | | |
CVE-2022-31761 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will af... | | |
CVE-2022-31762 | The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerabilit... | | |
CVE-2022-31763 | The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitat... | | |
CVE-2022-31764 | Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC | | |
CVE-2022-31765 | Affected devices do not properly authorize the change password function of the web interface. This ... | S | |
CVE-2022-31766 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version... | | |
CVE-2022-31767 | IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands o... | | |
CVE-2022-31768 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send ... | S | |
CVE-2022-31769 | IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view pro... | S | |
CVE-2022-31770 | IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration consol... | | |
CVE-2022-31772 | IBM MQ denial of service | S | |
CVE-2022-31773 | IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which ... | S | |
CVE-2022-31774 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0... | S | |
CVE-2022-31775 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0... | S | |
CVE-2022-31776 | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0... | S | |
CVE-2022-31777 | Apache Spark XSS vulnerability in log viewer UI Javascript | M | |
CVE-2022-31778 | Transfer-Encoding not treated as hop-by-hop | | |
CVE-2022-31779 | Improper HTTP/2 scheme and method validation | | |
CVE-2022-31780 | HTTP/2 framing vulnerabilities | | |
CVE-2022-31781 | Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022) | | |
CVE-2022-31782 | ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.... | | |
CVE-2022-31783 | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstra... | E S | |
CVE-2022-31784 | A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business... | | |
CVE-2022-31786 | IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO... | E | |
CVE-2022-31787 | IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO... | E | |
CVE-2022-31788 | IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&Cl... | E | |
CVE-2022-31789 | An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attack... | | |
CVE-2022-31790 | WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive... | E | |
CVE-2022-31791 | WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access... | | |
CVE-2022-31792 | A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGua... | | |
CVE-2022-31793 | do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by c... | E | |
CVE-2022-31794 | An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A S... | E | |
CVE-2022-31795 | An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A S... | E | |
CVE-2022-31796 | libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierar... | S | |
CVE-2022-31798 | Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS w... | | |
CVE-2022-31799 | Bottle before 0.12.20 mishandles errors during early request binding.... | S | |
CVE-2022-31800 | Insufficient Verification of Data Vulnerability in PHOENIX CONTACT classic line industrial controllers | E | |
CVE-2022-31801 | Insufficient Verification of Data Vulnerability in ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool | M | |
CVE-2022-31802 | Partial string comparison in CODESYS gateway server | | |
CVE-2022-31803 | CODESYS Gateway Server V2 prone to Denial of Service Attack | | |
CVE-2022-31804 | CODESYS Gateway server prone to denial of service attack due to excessive memory allocation | | |
CVE-2022-31805 | Insecure transmission of credentials | | |
CVE-2022-31806 | Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT | | |
CVE-2022-31807 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass inte... | | |
CVE-2022-31808 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V2.85.44), ... | | |
CVE-2022-31810 | A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server... | | |
CVE-2022-31812 | A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected serve... | | |
CVE-2022-31813 | mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism | | |
CVE-2022-31814 | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as roo... | E | |
CVE-2022-31827 | MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function pe... | E | |
CVE-2022-31830 | Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init funct... | E | |
CVE-2022-31836 | The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues... | E S | |
CVE-2022-31845 | A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obta... | E | |
CVE-2022-31846 | A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain... | E | |
CVE-2022-31847 | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attac... | E | |
CVE-2022-31849 | MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (... | E | |
CVE-2022-31854 | Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change ... | E | |
CVE-2022-31856 | Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newslet... | E | |
CVE-2022-31860 | An issue discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a... | E | |
CVE-2022-31861 | Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sen... | E | |
CVE-2022-31873 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix paramete... | E | |
CVE-2022-31874 | ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the... | E | |
CVE-2022-31875 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the proname paramet... | E | |
CVE-2022-31876 | netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recrea... | E | |
CVE-2022-31877 | An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalat... | E | |
CVE-2022-31879 | Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.... | E | |
CVE-2022-31883 | Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low pri... | | |
CVE-2022-31884 | Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege ... | E | |
CVE-2022-31885 | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBSc... | E | |
CVE-2022-31886 | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disabl... | E | |
CVE-2022-31887 | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to c... | E | |
CVE-2022-31888 | Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2.... | E S | |
CVE-2022-31889 | Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-... | E S | |
CVE-2022-31890 | SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a784... | E S | |
CVE-2022-31897 | SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html... | E | |
CVE-2022-31898 | gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple com... | E | |
CVE-2022-31901 | Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attacker... | E | |
CVE-2022-31902 | Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().... | E | |
CVE-2022-31904 | EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scriptin... | | |
CVE-2022-31906 | Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Mast... | E | |
CVE-2022-31908 | Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.ph... | E | |
CVE-2022-31910 | Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /otps/classes/Master.... | E | |
CVE-2022-31911 | Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=dele... | E | |
CVE-2022-31912 | Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_t... | E | |
CVE-2022-31913 | Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Mast... | E | |
CVE-2022-31914 | Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/sav... | E | |
CVE-2022-31937 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strc... | | |
CVE-2022-31941 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\mana... | E | |
CVE-2022-31943 | MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.... | E | |
CVE-2022-31945 | Rescue Dispatch Management System v1.0 is vulnerable to arbitrary file deletion via /rdms/classes/Master.php... | E | |
CVE-2022-31946 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f... | E | |
CVE-2022-31948 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f... | E | |
CVE-2022-31951 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f... | E | |
CVE-2022-31952 | Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f... | E | |
CVE-2022-31953 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_repor... | E | |
CVE-2022-31956 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_repor... | E | |
CVE-2022-31957 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team... | E | |
CVE-2022-31959 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_t... | E | |
CVE-2022-31961 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/mana... | E | |
CVE-2022-31962 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view... | E | |
CVE-2022-31964 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_type... | E | |
CVE-2022-31965 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_typ... | E | |
CVE-2022-31966 | ChatBot App with Suggestion v1.0 is vulnerable to arbitrary file deletion via /simple_chat_bot/classes/Maste... | E | |
CVE-2022-31969 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=use... | E | |
CVE-2022-31970 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=res... | E | |
CVE-2022-31971 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=res... | E | |
CVE-2022-31973 | Online Fire Reporting System v1.0 is vulnerable to arbitrary file deletion via /ofrs/classes/Master.php?f=de... | E | |
CVE-2022-31974 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=... | E | |
CVE-2022-31975 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_u... | E | |
CVE-2022-31976 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=dele... | E | |
CVE-2022-31977 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=dele... | E | |
CVE-2022-31978 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=dele... | E | |
CVE-2022-31980 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_... | E | |
CVE-2022-31981 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_te... | E | |
CVE-2022-31982 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view... | E | |
CVE-2022-31983 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/mana... | E | |
CVE-2022-31984 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_actio... | E | |
CVE-2022-31985 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports... | E | |
CVE-2022-31986 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports... | E | |
CVE-2022-31988 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/... | E | |
CVE-2022-31989 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/ma... | E | |
CVE-2022-31990 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f... | E | |
CVE-2022-31991 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f... | E | |
CVE-2022-31992 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_r... | E | |
CVE-2022-31993 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?... | E | |
CVE-2022-31994 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/v... | E | |
CVE-2022-31996 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/ma... | E | |
CVE-2022-31998 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service... | E | |