List of latest published vulnerabilities.

Exploit-DB

• [webapps] Open Web Analytics 1.7.3 - Remote Code Execution November 11, 2022
  Open Web Analytics 1.7.3 - Remote Code Execution
• [webapps] CVAT 2.0 - Server Side Request Forgery November 11, 2022
  CVAT 2.0 - Server Side Request Forgery
• [remote] MSNSwitch Firmware MNT.2408 - Remote Code Execution November 11, 2022
  MSNSwitch Firmware MNT.2408 - Remote Code Execution
• [remote] AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal November 11, 2022
  AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
• [local] IOTransfer V4 - Unquoted Service Path November 11, 2022
  IOTransfer V4 - Unquoted Service Path
• [remote] SmartRG Router SR510n 2.6.13 - Remote Code Execution November 11, 2022
  SmartRG Router SR510n 2.6.13 - Remote Code Execution
• [webapps] Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated) October 17, 2022
  Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
• [webapps] Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi October 6, 2022
  Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
• [webapps] Feehi CMS 2.1.1 - Remote Code Execution (Authenticated) September 23, 2022
  Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
• [webapps] Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) September 23, 2022
  Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)

National Vulnerability Database

• CVE-2022-2808 December 2, 2022
  Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.
• CVE-2022-2807 December 2, 2022
  Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.
• CVE-2022-45562 December 2, 2022
  Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.
• CVE-2022-44929 December 2, 2022
  An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.
• CVE-2022-44930 December 2, 2022
  D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
• CVE-2022-44928 December 2, 2022
  D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.
• CVE-2022-43325 December 2, 2022
  An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
• CVE-2022-43333 December 1, 2022
  Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.
• CVE-2022-44212 December 1, 2022
  In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.
• CVE-2022-35120 December 1, 2022
  IXPdata EasyInstall 6.6.14725 contains an access control issue.