2022-11-10
2022-11-10 15:15Z
CRIT

CVE-2022-44088 — Ecisp Espcms: P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-44088

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile

CWECWE 94VNDEcispVNDEspcmsTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-11-10
2022-11-10 15:15Z
CRIT

CVE-2022-44087 — Ecisp Espcms: P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-44087

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. CVSSv3.1 9.8 (CRITICAL) · EPSS 73th percentile

CWECWE 94VNDEcispVNDEspcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-11-09
2022-11-09 22:15Z
HIGH

CVE-2022-41106 — Microsoft 365_apps: Excel Remote Code Execution Vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-41106

Microsoft Excel Remote Code Execution Vulnerability CVSSv3.1 8.8 (HIGH) · EPSS 95th percentile

VNDMicrosoftTYPVulnerability
8.8
CVSS v3.1
99
Edit Score
2022-11-03
2022-11-03 18:15Z
HIGH

CVE-2022-3852 — Vr_calendar_project Vr_calendar: The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-3852

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 58th percentile

CWECWE 352VNDVr Calendar ProjectVNDCalendarTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-11-03
2022-11-03 17:15Z
HIGH

CVE-2022-3776 — Oracle Restaurant_menu_-_food_ordering_system_-_table_reservation: The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-3776

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request gra CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

CWECWE 352VNDOracleVNDRestaurantTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-11-01
2022-11-01 18:15Z
HIGH

CVE-2022-3786 — Openssl Openssl: This buffer overflow could result in a crash (causing a denial of service).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the CVSSv3.1 7.5 (HIGH) · EPSS 96th percentile

CWECWE 120VNDFedoraprojectVNDOpensslTYPVulnerability
7.5
CVSS v3.1
95
Edit Score
2022-11-01
2022-11-01 18:15Z
HIGH

CVE-2022-3602 — Openssl Openssl: This buffer overflow could result in a crash (causing a denial of service) or

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile

CWECWE 787VNDFedoraprojectVNDOpensslVNDNetappTYPVulnerability
7.5
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2022-10-28
2022-10-28 19:15Z
CRIT

CVE-2022-3708 — Google Web_stories: The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-3708

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This makes it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVSSv3.1 9.6 (CRITICAL) · EPSS 78th percentile

CWECWE 918VNDGoogleVNDWebTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2022-10-27
2022-10-27 20:15Z
HIGH

CVE-2022-43340 — Dzzoffice Dzzoffice: A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-43340

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. CVSSv3.1 8.8 (HIGH) · EPSS 33th percentile

CWECWE 352VNDDzzofficeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-10-25
2022-10-25 17:15Z
CRIT

CVE-2022-38580 — Zalando Skipper: v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). CVSSv3.1 9.8 (CRITICAL) · EPSS 95th percentile

CWECWE 918VNDZalandoTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-10-19
2022-10-19 12:15Z
CRIT

CVE-2022-41415 — Acer Altos_w2000h-w570h_f4_firmware: This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-41415

Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable. CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile

CWECWE 787VNDAcerTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-10-17
2022-10-17 18:15Z
CRIT

CVE-2022-40055 — Gxgroup Gpon_ont_titanium_2122a_firmware: An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-40055

An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. CVSSv3.1 9.8 (CRITICAL) · EPSS 52th percentile

CWECWE 307VNDGxgroupVNDGroupTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-10-12
2022-10-12 14:15Z
CRIT

CVE-2022-33106 — Wijungle U250_firmware: NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-33106

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile

CWECWE 307VNDWijungleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-10-11
2022-10-11 11:15Z
HIGH

CVE-2022-31765 — Siemens 6gk6108-4am00-2ba2_firmware: This could allow low privileged users to escalate their privileges.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-31765

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. CVSSv3.1 8.8 (HIGH) · EPSS 66th percentile

CWECWE 862VNDSiemensTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-10-07
2022-10-07 23:15Z
HIGH

CVE-2022-36635 — Zkteco Zkbiosecurity_v5000: ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-36635

ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile

CWECWE 89VNDZktecoTYPVulnerability
8.8
CVSS v3.1
99
Edit Score
2022-10-07
2022-10-07 20:15Z
HIGH

CVE-2022-36634 — Zkteco Zkbiosecurity_v5000: An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-36634

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile

CWECWE 863VNDZktecoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-10-06
2022-10-06 18:16Z
CRIT

CVE-2022-39269 — Teluu Pjsip: When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-39269

PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There CVSSv3.1 9.1 (CRITICAL) · EPSS 44th percentile

CWECWE 319VNDPjsipVNDTeluuTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2022-09-30
2022-09-30 19:15Z
HIGH

CVE-2022-40341 — Mojoportal Mojoportal: v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-40341

mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. CVSSv3.1 8.8 (HIGH) · EPSS 63th percentile

CWECWE 434VNDMojoportalTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-09-30
2022-09-30 19:15Z
CRIT

CVE-2022-35156 — Phpgurukul Bus_pass_management_system: Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-35156

Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.. CVSSv3.1 9.8 (CRITICAL) · EPSS 66th percentile

CWECWE 89VNDPhpgurukulVNDBusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-09-21
2022-09-21 18:15Z
CRIT

CVE-2022-40030 — Simple_task_managing_system_project Simple_task_managing_system: SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-40030

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 64th percentile

CWECWE 89VNDSourcecodesterVNDSimple Task Managing System ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-09-21
2022-09-21 09:15Z
CRIT

CVE-2022-0495 — Parantezteknoloji Koha_library_automation: The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-0495

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. CVSSv3.1 9.4 (CRITICAL) · EPSS 61th percentile

CWECWE 89VNDKohaVNDParantezteknolojiTYPVulnerability
9.4
CVSS v3.1
97
Edit Score
2022-09-21
2022-09-21 08:15Z
CRIT

CVE-2022-2315 — Databank Accreditation_tracking\/presentation_module: Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-2315

Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. CVSSv3.1 9.4 (CRITICAL) · EPSS 55th percentile

CWECWE 89VNDDatabankTYPVulnerability
9.4
CVSS v3.1
97
Edit Score
2022-09-21
2022-09-21 00:15Z
CRIT

CVE-2022-38619 — Bpcbt Smartvista_front-end: SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-38619

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. CVSSv3.1 9.8 (CRITICAL) · EPSS 56th percentile

CWECWE 89VNDBpcbtVNDSmartvistaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-09-20
2022-09-20 11:15Z
CRIT

CVE-2022-2177 — Kayrasoft Kayrasoft: product before version 2 has an unauthenticated SQL Injection vulnerability.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-2177

Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. CVSSv3.1 9.4 (CRITICAL) · EPSS 55th percentile

CWECWE 89VNDKayrasoftTYPVulnerability
9.4
CVSS v3.1
97
Edit Score
2022-09-19
2022-09-19 16:15Z
HIGH

CVE-2022-38618 — Bpcbt Smartvista: SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-38618

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWECWE 89VNDBpcbtVNDSmartvistaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score