Vulnerability management.

List of latest published vulnerabilities.

RSS Exploit-DB

RSS National Vulnerability Database

  • CVE-2022-2264 July 1, 2022
    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
  • CVE-2022-34894 July 1, 2022
    In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
  • CVE-2022-2280 July 1, 2022
    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
  • CVE-2022-2279 July 1, 2022
    NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.
  • CVE-2022-2274 July 1, 2022
    The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to […]
  • CVE-2021-32428 July 1, 2022
    SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.
  • CVE-2022-32988 July 1, 2022
    Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) […]
  • CVE-2022-32295 July 1, 2022
    On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
  • CVE-2022-27904 July 1, 2022
    The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.
  • CVE-2022-33085 June 30, 2022
    ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.