Security Vulnerabilities - CVEs Published In May 2022
A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2022-05-26
An improper authentication vulnerability exists in curl 7.33.0 up to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2022-05-26
An XSS vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non-HTML-like responses.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-05-26
An XSS vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
CVSS Score: 6.1 | EPSS Score: 0.02 | Published: 2022-05-26
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL injection vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation).
CVSS Score: 9.8 | EPSS Score: 0.02 | Published: 2022-05-26
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS injection vulnerability allowing remote attackers to gain admin access and view internal IPs.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-05-26
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR (broken access control), allowing attackers to change the admin password (vertical privilege escalation).
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-05-26
In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-05-26
An attacker can gain a VxWorks shell after login due to hard-coded credentials in KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-05-26
An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials in KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2022-05-26
Shodan ® - All rights reserved