U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}
Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2022-22012 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
    Published: May 10, 2022; 5:15:09 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 9.3 HIGH

  • CVE-2022-22013 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
    Published: May 10, 2022; 5:15:09 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2022-22014 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
    Published: May 10, 2022; 5:15:09 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2022-29131 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
    Published: May 10, 2022; 5:15:12 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2022-29130 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
    Published: May 10, 2022; 5:15:12 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 9.3 HIGH

  • CVE-2022-29129 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
    Published: May 10, 2022; 5:15:12 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2021-39670 - In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploita... read CVE-2021-39670
    Published: May 10, 2022; 4:15:08 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.9 MEDIUM

  • CVE-2022-1463 - The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP object... read CVE-2022-1463
    Published: May 10, 2022; 4:15:08 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2022-29128 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141.
    Published: May 10, 2022; 5:15:12 PM -0400

    V3.1: 8.8 HIGH
    V2.0: 9.0 HIGH

  • CVE-2022-29318 - An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
    Published: May 11, 2022; 9:15:08 AM -0400

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2022-29655 - An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
    Published: May 11, 2022; 9:15:08 AM -0400

    V3.1: 7.2 HIGH
    V2.0: 6.5 MEDIUM

  • CVE-2022-29009 - Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
    Published: May 11, 2022; 10:15:08 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-29008 - An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
    Published: May 11, 2022; 10:15:08 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2022-29007 - Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
    Published: May 11, 2022; 10:15:07 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-29006 - Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
    Published: May 11, 2022; 10:15:07 AM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-28078 - Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.
    Published: May 11, 2022; 10:15:07 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-28077 - Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.
    Published: May 11, 2022; 10:15:07 AM -0400

    V3.1: 6.1 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2021-26408 - Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.
    Published: May 10, 2022; 3:15:08 PM -0400

    V3.1: 7.1 HIGH
    V2.0: 6.6 MEDIUM

  • CVE-2022-29976 - An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .
    Published: May 11, 2022; 9:15:08 AM -0400

    V3.1: 5.4 MEDIUM
    V2.0: 3.5 LOW

  • CVE-2022-1505 - The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unau... read CVE-2022-1505
    Published: May 10, 2022; 4:15:08 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM