The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2022-28960 - A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
    Published: May 19, 2022; 5:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2022-28961 - Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
    Published: May 19, 2022; 5:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2022-28959 - Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allow attackers to execute arbitrary web scripts or HTML.
    Published: May 19, 2022; 5:15:08 PM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-45730 - JFrog Artifactory prior to 7.31.10 is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts, while Repository Layouts configuration should only be available for Platform Administrators.
    Published: May 19, 2022; 11:15:07 AM -0400

    V3.1: 4.9 MEDIUM
    V2.0: 4.0 MEDIUM

  • CVE-2022-1110 - A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.
    Published: May 18, 2022; 12:15:08 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.9 MEDIUM

  • CVE-2021-42852 - A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
    Published: May 18, 2022; 12:15:08 PM -0400

    V3.1: 8.0 HIGH
    V2.0: 7.7 HIGH

  • CVE-2022-30946 - A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
    Published: May 17, 2022; 11:15:08 AM -0400

    V3.1: 4.3 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-30945 - Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
    Published: May 17, 2022; 11:15:08 AM -0400

  • CVE-2022-1795 - Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
    Published: May 18, 2022; 11:15:09 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-27548 - There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
    Published: May 18, 2022; 11:15:08 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-1782 - Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.
    Published: May 18, 2022; 11:15:08 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-28958 - D-Link DIR816L_FW206b01 was discovered to contain a remote code execution (RCE) vulnerability via the value parameter at shareport.php.
    Published: May 18, 2022; 8:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-28955 - An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
    Published: May 18, 2022; 8:15:08 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2022-28956 - An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
    Published: May 18, 2022; 8:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-30976 - GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
    Published: May 18, 2022; 7:15:15 AM -0400

    V3.1: 7.1 HIGH
    V2.0: 4.0 MEDIUM

  • CVE-2022-30975 - In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
    Published: May 18, 2022; 7:15:15 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-30974 - compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
    Published: May 18, 2022; 7:15:15 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-28616 - A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
    Published: May 17, 2022; 5:15:08 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-24394 - Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP re... read CVE-2022-24394
    Published: May 17, 2022; 4:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2022-24393 - Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulnerability could allow a specially crafted HTTP r... read CVE-2022-24393
    Published: May 17, 2022; 4:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH