VulDB is a vulnerability database documenting more than 174000 vulnerabilities since 1970. The following list shows the latest vulnerabilities threats and exploits
- CVE-2022-41971 | Nextcould Talk up to 12.2.7/13.0.9/14.0.5 on Android Video Stream information disclosure (GHSA-wx6w-xpg9-6fv4)
- CVE-2022-44930 | D-Link DHP-W310AV 3.10EU command injection
- CVE-2021-3270 | ruby-mysql Gem up to 2.9.x on Ruby external reference
- CVE-2022-45562 | Telos Alliance Omnia MPX Node up to 1.4.9 System Setting permission
- CVE-2022-43325 | Telos Alliance Omnia MPX Node 1.3.x/1.4.x Product License Validation command injection
- CVE-2022-23737 | GitHub Enterprise Server up to 3.2.19/3.3.14/3.4.9/3.5.6/3.6.2 API privileges management
- CVE-2022-3710 | Sophos Firewall up to 19.4 API Controller sql injection
- CVE-2022-2969 | Delta Industrial Automation DIALink up to 1.5.0.0 Beta 3 path traversal (icsa-22-307-03)
- CVE-2022-41970 | Nextcloud Server up to 24.0.6/25.0.0 Image Preview authorization (GHSA-9mh6-cph8-772c)
- CVE-2022-41968 | Nextcloud Server up to 23.0.9/24.0.4 Calendar Name resource consumption (GHSA-m92j-xxc8-hq3v)
- CVE-2022-29837 | Western Digital My Cloud Home/My Cloud Home Duo/SanDisk ibi ZIP Package path traversal
- CVE-2022-41969 | Nextcloud Server up to 23.0.10/24.0.6 Password Length resource consumption (GHSA-4gm7-j7wg-m4fx)
- CVE-2022-43333 | Telenia TVox prior 22.0.17 action_export_control.php Privilege Escalation
- CVE-2022-43900 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps Network Connection improper authentication (XFDB-240827)
- CVE-2022-43901 | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure (XFDB-240829)
- CVE-2022-41297 | IBM IBM Db2U 3.5/4.0/4.5 cross-site request forgery (XFDB-237212)
- CVE-2022-37017 | Symantec Endpoint Protection up to 14.3 RU5 on Windows Privilege Escalation
- CVE-2022-37016 | Symantec Endpoint Protection on Windows Privilege Escalation
- CVE-2022-30528 | asith-eranga ISIC Tour Booking controller.php username sql injection
- CVE-2022-28607 | asith-eranga ISIC Tour Booking controller.php action information disclosure
- CVE-2022-4221 | Asus NAS-M25 up to 1.0.1.7 Cookie os command injection
- CVE-2022-36431 | Rocket TRUfusion Enterprise prior 7.9.6.1 JSP File unrestricted upload
- CVE-2022-3270 | Festo VTEM-S1 insufficient technical documentation (VDE-2022-041)
- CVE-2022-1471 | SnakeYAML Constructor deserialization (GHSA-mjmj-j48q-9wg2)
- CVE-2022-45050 | Axiell Iguana CMS twitter.php title cross site scripting
- CVE-2022-4257 | C-DATA Web Management System GET Parameter cgi-bin/jumpto.php hostname argument injection
- CVE-2022-4253 | SourceCodester Canteen Management System customer.php builtin_echo cross site scripting
- CVE-2022-4252 | SourceCodester Canteen Management System categories.php builtin_echo cross site scripting
- CVE-2022-4251 | Movie Ticket Booking System editBooking.php cross site scripting
- CVE-2022-4250 | Movie Ticket Booking System booking.php id cross site scripting
- CVE-2022-4249 | Movie Ticket Booking System POST Request ORDER_ID cross site scripting
- CVE-2022-4248 | Movie Ticket Booking System editBooking.php id sql injection
- CVE-2022-4247 | Movie Ticket Booking System booking.php id sql injection
- CVE-2022-4246 | Kakao PotPlayer MID File denial of service
- CVE-2022-40489 | ThinkCMF 6.0.7 cross-site request forgery (ID 736)
- CVE-2022-45640 | Tenda AC6 15.03.05.19 denial of service
- CVE-2014-10401 | DBI Module on Perl DBD::File f_dir permission assignment
- CVE-2022-44262 | ff4j 1.8.1 Privilege Escalation (ID 624)
- CVE-2022-46156 | Synthetic Monitoring Agent up to 0.11.x on Grafana debug code (GHSA-9j4f-f249-q5w8)
- CVE-2022-46162 | discourse-bbcode CSS injection (GHSA-8c87-xpqv-c7mp)
- CVE-2022-23746 | Check Point SSL Network Extender up to R81.10 IPsec VPN Blade excessive authentication (sk180271)
- CVE-2022-40849 | ThinkCMF 6.0.7 Slideshow Management cross site scripting (ID 737)
- CVE-2022-45045 | Xiongmai MBD6304T/NBD6808T-PL JSON File deserialization
- CVE-2022-23093 | FreeBSD 12.3/12.4/13.0/13.1 Ping pr_pack stack-based overflow
- CVE-2021-31740 | SEPPMail Web Frontend cross site scripting
- CVE-2022-4135 | Microsoft Edge GPU heap-based overflow
- CVE-2022-44136 | Tribal Systems Zenario CMS 9.3.57186 Privilege Escalation
- CVE-2022-1606 | M-Files Server prior 22.3.11164.0/22.3.11237.1 privileges management
- CVE-2022-1911 | M-Files Server prior 22.6.11534.1/22.6.11505.0 parser information disclosure
- CVE-2022-46149 | Cap'n Proto out-of-bounds (GHSA-qqff-4vw4-f6hx)
- CVE-2022-44296 | oretnom23 Sanitization Management System 1.0 manage_remark.php id sql injection
- CVE-2022-44295 | oretnom23 Sanitization Management System 1.0 assign_team.php id sql injection
- CVE-2022-44294 | oretnom23 Sanitization Management System 1.0 id sql injection
- CVE-2022-44151 | oretnom23 Simple Inventory Management System 1.0 /ims/login.php sql injection
- CVE-2022-38801 | Zkteco BioTime prior 8.5.3 cross site scripting
- CVE-2022-26366 | AdRotate Banner Manager Plugin up to 5.9 on WordPress cross-site request forgery
- CVE-2022-38803 | Zkteco BioTime prior 8.5.3 PDF Generator access control
- CVE-2022-38802 | Zkteco BioTime prior 8.5.3 PDF Generator access control
- CVE-2022-45842 | WP ULike Plugin up to 4.6.4 on WordPress Rating Score toctou
- CVE-2022-24441 | snyk Project Analysis code injection
- CVE-2022-22984 | snyk command injection
- CVE-2022-4234 | SourceCodester Canteen Management System youthappam/brand.php builtin_echo brand_name cross site scripting
- CVE-2022-46338 | g810-led 0.4.2 access control
- CVE-2022-3859 | Trellix Agent prior 5.7.8 on Windows uncontrolled search path (SB10391)
- CVE-2021-4242 | Sapido BR270n/BRC76n/GR297/RB1732 ip/syscmd.htm os command injection
- CVE-2022-4233 | SourceCodester Event Registration System 1.0 First Name/Last Name cross site scripting
- CVE-2022-4232 | SourceCodester Event Registration System 1.0 cmd unrestricted upload
- CVE-2022-4231 | Tribal Systems Zenario CMS 9.3.57595 Remember Me session fixiation
- CVE-2022-4229 | SourceCodester Book Store Management System 1.0 /bsms_ci/index.php access control
- CVE-2022-4228 | SourceCodester Book Store Management System 1.0 password information disclosure
- CVE-2022-41413 | perfSONAR up to 4.4.5 Search cross-site request forgery
- CVE-2022-41412 | perfSONAR up to 4.4.5 graphData.cgi server-side request forgery
- CVE-2022-3751 | owncast up to 0.0.12 sql injection
- CVE-2022-45332 | LibreDWG 0.12.4.4643 decode_r11.c decode_preR13_section_hdr heap-based overflow (ID 524)
- CVE-2022-44097 | Book Store Management System 1.0 Admin Panel hard-coded credentials
- CVE-2022-44096 | Sanitization Management System 1.0 Admin Panel hard-coded credentials
- CVE-2022-44279 | Garage Management System 1.0 createBrand.php cross site scripting
- CVE-2022-44355 | SolarView Compact 7.0 /network_test.php cross site scripting
- CVE-2022-4144 | QEMU QXL Display Device Emulation qxl_phys2virt out-of-bounds
- CVE-2022-46152 | OP-TEE Trusted OS up to 3.18.x cleanup_shm_refs array index (GHSA-65w8-6mrg-52g7)
- CVE-2022-46155 | Airtable.js up to 0.11.5 Environment Variable AIRTABLE_API_KEY/AIRTABLE_ENDPOINT_URL insufficiently protected credentials (GHSA-vqm5-9546-x25v)
- CVE-2021-31693 | VMware Tools up to 10.x/11.x/12.1.4 on Windows VM3DMP Driver denial of service (VMSA-2022-0029)
- CVE-2022-46148 | Discourse up to 2.8.10/2.9.0.beta11 Message cross site scripting (GHSA-c5h6-6gg5-84fh)
- CVE-2022-4029 | SimplePress Plugin up to 6.8 on WordPress sforum_ cross site scripting
- CVE-2022-4028 | SimplePress Plugin up to 6.8 on WordPress Profile postitem cross site scripting
- CVE-2022-4027 | SimplePress Plugin up to 6.8 on WordPress postitem cross site scripting
- CVE-2022-3991 | Dean Oakley Photospace Gallery Plugin up to 2.3.5 on WordPress Setting update cross site scripting
- CVE-2022-3898 | WP Affiliate Platform Plugin up to 6.3.9 on WordPress affiliates_menu cross-site request forgery
- CVE-2022-3897 | WP Affiliate Platform Plugin up to 6.3.9 on WordPress cross site scripting
- CVE-2022-3896 | WP Affiliate Platform Plugin up to 6.3.9 on WordPress $_SERVER["REQUEST_URI"] cross site scripting
- CVE-2022-44356 | WAVLINK Quantum D4G M31G3.V5030.201204/M31G3.V5030.200325 Configuration access control
- CVE-2022-4172 | QEMU ERST Device read_erst_record/write_erst_record integer overflow (ID 1268)
- CVE-2022-21126 | samtools htsjdk up to 3.0.0 util/IOUtil.java createTempDir temp file
- CVE-2022-45337 | Tenda TX9 22.03.02.10 /goform/SetIpMacBind list stack-based overflow
- CVE-2022-4034 | Appointment Hour Booking Plugin up to 1.3.72 on WordPress csv injection
- CVE-2022-25848 | static-dev-server path traversal
- CVE-2022-40265 | Mitsubishi Electric MELSEC iQ-R Packets denial of service
- CVE-2022-46150 | Discourse up to 2.8.12/2.9.0.beta13 information disclosure (GHSA-rqvq-94h8-p5wv)
- CVE-2022-44354 | SolarView Compact 4.0/5.0 unrestricted upload
- CVE-2022-4036 | Appointment Hour Booking Plugin up to 1.3.72 on WordPress CAPTCHA Page captcha