Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2022-32993 — Totolink A7000r_firmware: A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.
TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. CVSSv3.1 9.8 (CRITICAL) · EPSS 52th percentile
CVE-2022-38555 — Linksys E1200_firmware: E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. CVSSv3.1 9.8 (CRITICAL) · EPSS 96th percentile
CVE-2022-37053 — Trendnet Tew733gr_firmware: TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.
TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 84th percentile
CVE-2021-42627 — Dlink Dir-615_firmware: The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2021-42232 — Tp-link Archer_a7_firmware: Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp.
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile
CVE-2022-35201 — Tenda Ac18_firmware: Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 76th percentile
CVE-2022-35167 — Prinitix Cloud_print_management: Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions.
Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. CVSSv3.1 8.8 (HIGH) · EPSS 57th percentile
CVE-2022-36262 — Taogogo Taocms: in the website settings that allows arbitrary php code to be injected by modifying
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile
CVE-2022-36323 — Siemens Scalance_m-800_firmware: This could allow an authenticated remote attacker with administrative privileges to inject code or
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. CVSSv3.1 9.1 (CRITICAL) · EPSS 68th percentile
CVE-2022-37434 — Zlib Zlib: through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile
CVE-2022-31321 — Boltcms Bolt: The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. CVSSv3.1 9.1 (CRITICAL) · EPSS 50th percentile
CVE-2022-1277 — Inavitas Solar_log: Solar Log product has an unauthenticated SQL Injection vulnerability.
Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. CVSSv3.1 9.4 (CRITICAL) · EPSS 52th percentile
CVE-2021-41556 — Squirrel-lang Squirrel: sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScr CVSSv3.1 10.0 (CRITICAL) · EPSS 85th percentile
CVE-2022-35131 — Joplinapp Joplin: v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. CVSSv3.1 9.0 (CRITICAL) · EPSS 79th percentile
CVE-2022-2444 — Themeisle Visualizer: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also presen CVSSv3.1 8.8 (HIGH) · EPSS 86th percentile
CVE-2022-2443 — Freemind_wp_browser_project Freemind_wp_browser: The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in
The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 44th percentile
CVE-2022-2437 — Slickremix Feed_them_social: The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacke CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile
CVE-2022-2435 — Anymind Anymind_widget: The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure() function found in the ~/anymind-widget-id.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site’s administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2022-2039 — Livesupporti Free_live_chat_support: The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery
The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 51th percentile
CVE-2022-2001 — Devrix Dx_share_selection: The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in
The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 55th percentile
CVE-2022-1912 — Smartsoft Button_widget_smartsoft: The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 41th percentile
CVE-2022-1565 — Wpallimport Wp_all_import: The plugin WP All Import is vulnerable to arbitrary file uploads due to missing
The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. CVSSv3.1 7.2 (HIGH) · EPSS 98th percentile
CVE-2022-35409 — Arm Mbed_tls: This can cause a server crash or possibly information disclosure based on error responses.
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the c CVSSv3.1 9.1 (CRITICAL) · EPSS 84th percentile
CVE-2022-32119 — Arox School_erp_pro: School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities
Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. CVSSv3.1 8.8 (HIGH) · EPSS 78th percentile
CVE-2022-30024 — Tp-link Tl-wr841_firmware: A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9)
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. CVSSv3.1 8.8 (HIGH) · EPSS 80th percentile