List of latest published vulnerabilities.

Exploit-DB

• [webapps] WordPress Plugin Weblizar 8.9 - Backdoor June 27, 2022
  WordPress Plugin Weblizar 8.9 - Backdoor
• [webapps] WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS) June 27, 2022
  WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)
• [webapps] Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS) June 27, 2022
  Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)
• [webapps] Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated) June 14, 2022
  Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
• [remote] Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated) June 14, 2022
  Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)
• [webapps] phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated) June 14, 2022
  phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)
• [remote] TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated) June 14, 2022
  TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)
• [remote] Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE) June 14, 2022
  Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)
• [webapps] ChurchCRM 4.4.5 - SQLi June 14, 2022
  ChurchCRM 4.4.5 - SQLi
• [webapps] Old Age Home Management System 1.0 - SQLi Authentication Bypass June 14, 2022
  Old Age Home Management System 1.0 - SQLi Authentication Bypass

National Vulnerability Database

• CVE-2022-2264 July 1, 2022
  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
• CVE-2022-34894 July 1, 2022
  In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
• CVE-2022-2280 July 1, 2022
  Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
• CVE-2022-2279 July 1, 2022
  NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.
• CVE-2022-2274 July 1, 2022
  The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to […]
• CVE-2021-32428 July 1, 2022
  SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.
• CVE-2022-32988 July 1, 2022
  Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) […]
• CVE-2022-32295 July 1, 2022
  On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
• CVE-2022-27904 July 1, 2022
  The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.
• CVE-2022-33085 June 30, 2022
  ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.