Vulnerability management.
List of latest published vulnerabilities.
- [webapps] WordPress Plugin Weblizar 8.9 - Backdoor (June 27, 2022)
- [webapps] WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS) (June 27, 2022)
- [webapps] Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS) (June 27, 2022)
- [webapps] Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated) (June 14, 2022)
- [remote] Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated) (June 14, 2022)
- [webapps] phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated) (June 14, 2022)
- [remote] TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated) (June 14, 2022)
- [remote] Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE) (June 14, 2022)
- [webapps] ChurchCRM 4.4.5 - SQLi (June 14, 2022)
- [webapps] Old Age Home Management System 1.0 - SQLi Authentication Bypass (June 14, 2022)
National Vulnerability Database
- CVE-2022-2264 (July 1, 2022): Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
- CVE-2022-34894 (July 1, 2022): In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services.
- CVE-2022-2280 (July 1, 2022): Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
- CVE-2022-2279 (July 1, 2022): NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.
- CVE-2022-2274 (July 1, 2022): The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to […]
- CVE-2021-32428 (July 1, 2022): SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.
- CVE-2022-32988 (July 1, 2022): Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) […]
- CVE-2022-32295 (July 1, 2022): On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
- CVE-2022-27904 (July 1, 2022): The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.
- CVE-2022-33085 (June 30, 2022): ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.