CVE-2022-22012 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
Published: May 10, 2022; 5:15:09 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 9.3 HIGH

CVE-2022-22013 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
Published: May 10, 2022; 5:15:09 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM

CVE-2022-22014 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
Published: May 10, 2022; 5:15:09 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM

CVE-2022-29131 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
Published: May 10, 2022; 5:15:12 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.0 HIGH

CVE-2022-29130 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
Published: May 10, 2022; 5:15:12 PM -0400

V3.1: 9.8 CRITICAL
V2.0: 9.3 HIGH

CVE-2022-29129 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
Published: May 10, 2022; 5:15:12 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.0 HIGH

CVE-2021-39670 - In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploita... read CVE-2021-39670
Published: May 10, 2022; 4:15:08 PM -0400

V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM

CVE-2022-1463 - The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP object... read CVE-2022-1463
Published: May 10, 2022; 4:15:08 PM -0400

V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM

CVE-2022-29128 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
Published: May 10, 2022; 5:15:12 PM -0400

V3.1: 8.8 HIGH
V2.0: 9.0 HIGH

CVE-2022-29318 - An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
Published: May 11, 2022; 9:15:08 AM -0400

V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM

CVE-2022-29655 - An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
Published: May 11, 2022; 9:15:08 AM -0400

V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM

CVE-2022-29009 - Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
Published: May 11, 2022; 10:15:08 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2022-29008 - An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
Published: May 11, 2022; 10:15:08 AM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

CVE-2022-29007 - Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
Published: May 11, 2022; 10:15:07 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2022-29006 - Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
Published: May 11, 2022; 10:15:07 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

CVE-2022-28078 - Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.
Published: May 11, 2022; 10:15:07 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2022-28077 - Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
Published: May 11, 2022; 10:15:07 AM -0400

V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

CVE-2021-26408 - Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.
Published: May 10, 2022; 3:15:08 PM -0400

V3.1: 7.1 HIGH
V2.0: 6.6 MEDIUM

CVE-2022-29976 - An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .
Published: May 11, 2022; 9:15:08 AM -0400

V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW

CVE-2022-1505 - The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unau... read CVE-2022-1505
Published: May 10, 2022; 4:15:08 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM