VulDB is a vulnerability database documenting more than 174000 vulnerabilities since 1970. The following list shows the latest vulnerabilities threats and exploits
- CVE-2022-3137 | TaskBuilder up to 1.0.7 on WordPress SVG File Upload admin.php file cross site scripting
- CVE-2022-3290 | ikus060 rdiffweb up to 2.4.7 length parameter
- CVE-2022-30003 | SourceCodester Online Market Place Site 1.0 Product Title/Short Description cross site scripting (ID 168250)
- CVE-2022-40044 | Centreon 20.10.18 Escalation esc_name cross site scripting
- CVE-2022-3272 | ikus060 rdiffweb up to 2.4.7 length parameter
- CVE-2021-28052 | Hitachi Content Platform up to 8.3.6/9.2.2 Tenant Configuration access control
- CVE-2022-39219 | Bifrost up to 1.8.6 HTTP Basic Authentication improper authentication (GHSA-p6fh-xc6r-g5hw)
- CVE-2022-3103 | Linux Kernel up to 6.0-rc2 io_uring Module off-by-one
- CVE-2021-41437 | Asus RT-AX88U prior 3.0.0.4.388.20558 HTTP Response interpretation conflict
- CVE-2022-40784 | mIPC 5.3.1.2003161406 strcpy stack-based overflow
- CVE-2022-39245 | Mist up to 0.9.4 Command-Line Interface PATH permission (GHSA-pxg4-7c7r-2ww6)
- CVE-2022-40050 | ZFile 4.1.1 /file/upload/1 unrestricted upload
- CVE-2022-40043 | Centreon 20.10.18 Configuration Escalations esc_name sql injection
- CVE-2022-22058 | Qualcomm Snapdragon Auto ION use after free
- CVE-2022-40785 | mIPC 5.3.1.2003161406 os command injection
- CVE-2022-3298 | ikus060 rdiffweb up to 2.4.7 allocation of resources
- CVE-2022-30004 | SourceCodester Online Market Place Site 1.0 sql injection (ID 168249)
- CVE-2022-39243 | NuProcess up to 2.0.4 Command Line Argument Java_java_lang_UNIXProcess_forkAndExec command injection (GHSA-cxgf-v2p8-7ph7)
- CVE-2022-28722 | HP inkjet/LaserJet Pro/PageWide Pro buffer overflow
- CVE-2022-3204 | Unbound up to 1.16.2 Resolver NRDelegation denial of service
- CVE-2022-28721 | HP inkjet/LaserJet Pro/PageWide Pro Privilege Escalation
- CVE-2022-40099 | Online Tours & Travels Management System 1.0 update_expense_category.php id sql injection
- CVE-2022-40098 | Online Tours & Travels Management System 1.0 update_expense.php id sql injection
- CVE-2022-40097 | Online Tours & Travels Management System 1.0 update_currency.php id sql injection
- CVE-2022-3195 | Google Chrome prior 105.0.5195.125 Storage out-of-bounds write
- CVE-2022-3075 | Google Chrome prior 105.0.5195.102 Mojo sandbox
- CVE-2022-2998 | Google Chrome prior 104.0.5112.101 HTML Page use after free
- CVE-2022-40485 | Wedding Planner 1.0 /package_detail.php id sql injection
- CVE-2022-40484 | Wedding Planner 1.0 /admin/client_edit.php booking sql injection
- CVE-2022-40483 | Wedding Planner 1.0 /wedding_details.php id sql injection
- CVE-2022-3058 | Google Chrome prior 105.0.5195.52 Sign-In Flow use after free
- CVE-2022-3057 | Google Chrome prior 105.0.5195.52 iFrame Sandbox access control
- CVE-2022-3056 | Google Chrome prior 105.0.5195.52 Content Security Policy access control
- CVE-2022-3055 | Google Chrome prior 105.0.5195.52 Passwords use after free
- CVE-2022-3054 | Google Chrome prior 105.0.5195.52 DevTools Remote Code Execution
- CVE-2022-3053 | Google Chrome prior 105.0.5195.52 Pointer Lock Remote Code Execution
- CVE-2022-3052 | Google Chrome prior 105.0.5195.52 Window Manager heap-based overflow
- CVE-2022-3051 | Google Chrome prior 105.0.5195.52 Exosphere heap-based overflow
- CVE-2022-3050 | Google Chrome prior 105.0.5195.52 WebUI heap-based overflow
- CVE-2022-3049 | Google Chrome prior 105.0.5195.52 SplitScreen use after free
- CVE-2022-3048 | Google Chrome prior 105.0.5195.52 OS Lockscreen Privilege Escalation
- CVE-2022-3047 | Google Chrome prior 105.0.5195.52 Extensions API Remote Code Execution
- CVE-2022-3071 | Google Chrome prior 105.0.5195.52 Tab Strip use after free
- CVE-2022-3046 | Google Chrome prior 105.0.5195.52 Browser Tag use after free
- CVE-2022-3045 | Google Chrome prior 105.0.5195.52 V8 input validation
- CVE-2022-3044 | Google Chrome prior 105.0.5195.52 Site Isolation Remote Code Execution
- CVE-2022-3043 | Google Chrome prior 105.0.5195.52 Screen Capture heap-based overflow
- CVE-2022-3042 | Google Chrome prior 105.0.5195.52 PhoneHub use after free
- CVE-2022-3041 | Google Chrome prior 105.0.5195.52 WebSQL use after free
- CVE-2022-3040 | Google Chrome prior 105.0.5195.52 Layout use after free
- CVE-2022-3039 | Google Chrome prior 105.0.5195.52 WebSQL use after free
- CVE-2022-3038 | Google Chrome prior 105.0.5195.52 Network Service use after free
- CVE-2022-3332 | SourceCodester Food Ordering Management System POST Parameter router.php username sql injection
- CVE-2022-40925 | Zoo Management System 1.0 Events Module unrestricted upload
- CVE-2022-40924 | Zoo Management System 1.0 Animals Module unrestricted upload
- CVE-2022-1613 | Restricted Site Access Plugin up to 7.3.1 on WordPress HTTP Header REMOTE_ADDR authorization
- CVE-2022-3295 | ikus060 rdiffweb up to 2.4.7 allocation of resources
- CVE-2022-3025 | Bitcoin Altcoin Faucet Plugin up to 1.6.0 on WordPress Setting cross site scripting
- CVE-2022-3024 | Simple Bitcoin Faucets Plugin up to 1.7.0 on WordPress AJAX Action cross site scripting
- CVE-2022-3135 | SEO Smart Links Plugin up to 3.0.1 on WordPress Setting cross site scripting
- CVE-2022-3119 | OAuth Client Single Sign On Plugin up to 3.0.3 on WordPress Setting improper authentication
- CVE-2022-3098 | Login Block IPs Plugin up to 1.0.0 on WordPress Setting cross-site request forgery
- CVE-2022-3074 | Slider Hero Plugin up to 8.4.3 on WordPress Slider Name cross site scripting
- CVE-2022-3070 | Generate PDF Plugin up to 3.5 on WordPress Setting cross site scripting
- CVE-2022-3069 | WordLift Plugin up to 3.37.1 on WordPress Setting cross site scripting
- CVE-2022-3062 | Simple File List Plugin up to 4.4.11 on WordPress cross site scripting
- CVE-2022-2987 | Active Directory Integration Plugin up to 3.0.1 on WordPress Setting cross-site request forgery
- CVE-2022-2405 | WP Popup Builder Plugin up to 1.2.8 on WordPress AJAX Action cross-site request forgery
- CVE-2022-2404 | WP Popup Builder Plugin up to 1.2.8 on WordPress cross site scripting
- CVE-2022-1755 | SVG Support Plugin up to 2.4 on WordPress URL cross site scripting
- CVE-2022-2926 | Download Manager Plugin up to 3.2.54 on WordPress Setting path traversal
- CVE-2022-2352 | Email Log Plugin up to 2.1.6 on WordPress server-side request forgery
- CVE-2022-40928 | Online Leave Management System 1.0 Master.php sql injection
- CVE-2022-40927 | Online Leave Management System 1.0 Master.php sql injection
- CVE-2022-40926 | Online Leave Management System 1.0 Master.php sql injection
- CVE-2022-40404 | Wedding Planner 1.0 /admin/select.php id sql injection
- CVE-2022-40403 | Wedding Planner 1.0 /admin/feature_edit.php id sql injection
- CVE-2022-40402 | Wedding Planner 1.0 /admin/client_assign.php booking sql injection
- CVE-2021-24890 | Scripts Organizer Plugin up to 2.x on WordPress AJAX Action saveScript cross-site request forgery
- CVE-2022-3076 | Creative Minds CM Download Manager Plugin up to 2.8.5 on WordPress Setting unrestricted upload
- CVE-2022-2903 | Ninja Forms Contact Form Plugin up to 3.6.12 on WordPress Imported File deserialization
- CVE-2022-38553 | Academy Learning Management System up to 5.9.0 Search cross site scripting
- CVE-2022-3301 | ikus060 rdiffweb up to 2.4.7 Cleanup cleanup
- CVE-2022-38970 | ieGeek IG20 hipcam RealServer 1.0 iLnkP2P access control
- CVE-2022-36159 | Contec FXA3200 up to 1.13 Wireless LAN Manager Interface /etc/shadow hard-coded password
- CVE-2022-36158 | Contec FXA3200 up to 1.13.00 Wireless LAN Manager Interface /usr/www/ja/mnt_cmd.cgi permission
- CVE-2022-21797 | joblib up to 1.1.x Parallel Remote Code Execution (ID 1128)
- CVE-2022-21169 | express-xss-sanitizer up to 1.1.2 allowedTags cross site scripting
- MVID-2022-0645 | Backdoor.Win32.Psychward.b Service Port 8888 hard-coded credentials
- MVID-2022-0644 | Backdoor.Win32.Augudor.b Service Port 810 backdoor
- CVE-2022-3299 | Open5GS up to 2.4.10 AMF lib/sbi/client.c denial of service
- CVE-2022-3297 | vim prior 9.0.0579 use after free
- CVE-2022-3296 | vim prior 9.0.0577 stack-based overflow
- CVE-2022-41347 | Synacor Zimbra Collaboration Suite 8.8.x/9.x Nginx permission
- CVE-2022-41352 | Synacor Zimbra Collaboration Suite 8.8.15/9.0 amavisd public unrestricted upload
- CVE-2022-41343 | Dompdf up to 2.0.0 Font Registration FontMetrics.php registerFont file inclusion (ID 2994)
- MVID-2022-0643 | Backdoor.Win32.Bingle.b Service Port 22 hard-coded password
- CVE-2022-41340 | secp256k1-js up to 1.0.x on node.js ECDSA Signature signature verification (ID 11)
- CVE-2022-3228 | Host Engineering H0-ECOM100 Communications Module prior 5.0.156 name/description stack-based overflow (icsa-22-263-04)
- CVE-2022-32537 | Medtronic MiniMed 620G protection mechanism (icsma-22-263-01)