NVD

New NVD CVE/CPE API and Legacy SOAP Service Retirement!

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2022-28960 - A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
Published: May 19, 2022; 5:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2022-28961 - Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
Published: May 19, 2022; 5:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2022-28959 - Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
Published: May 19, 2022; 5:15:08 PM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-45730 - JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators.
Published: May 19, 2022; 11:15:07 AM -0400

V3.1: 4.9 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-1110 - A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.
Published: May 18, 2022; 12:15:08 PM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-42852 - A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
Published: May 18, 2022; 12:15:08 PM -0400

V3.1: 8.0 HIGH
V2.0: 7.7 HIGH
CVE-2022-30946 - A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
Published: May 17, 2022; 11:15:08 AM -0400

V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-30945 - Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
Published: May 17, 2022; 11:15:08 AM -0400

V3.1: 10.0 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2022-1795 - Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
Published: May 18, 2022; 11:15:09 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-27548 - There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
Published: May 18, 2022; 11:15:08 AM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-1782 - Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.
Published: May 18, 2022; 11:15:08 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-28958 - D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php.
Published: May 18, 2022; 8:15:08 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-28955 - An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
Published: May 18, 2022; 8:15:08 AM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-28956 - An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
Published: May 18, 2022; 8:15:08 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-30976 - GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
Published: May 18, 2022; 7:15:15 AM -0400

V3.1: 7.1 HIGH
V2.0: 4.0 MEDIUM
CVE-2022-30975 - In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
Published: May 18, 2022; 7:15:15 AM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-30974 - compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
Published: May 18, 2022; 7:15:15 AM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-28616 - A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
Published: May 17, 2022; 5:15:08 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-24394 - Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP re... read CVE-2022-24394
Published: May 17, 2022; 4:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2022-24393 - Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP r... read CVE-2022-24393
Published: May 17, 2022; 4:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.0 HIGH

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database