2022-07-15
2022-07-15 12:15Z
HIGH

CVE-2022-32119 — Arox School_erp_pro: School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-32119

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. CVSSv3.1 8.8 (HIGH) · EPSS 78th percentile

CWECWE 434VNDAroxTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-07-14
2022-07-14 14:15Z
HIGH

CVE-2022-30024 — Tp-link Tl-wr841_firmware: A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-30024

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. CVSSv3.1 8.8 (HIGH) · EPSS 80th percentile

CWECWE 120VNDTp LinkTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-07-13
2022-07-13 21:15Z
HIGH

CVE-2022-32114 — Strapi Strapi: An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can c CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile

CWECWE 434VNDStrapiTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-07-12
2022-07-12 14:15Z
HIGH

CVE-2021-38289 — Novastar Novaicare: An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-38289

An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts. NOTE: As of April 2026, the vendor has officially decommissioned the affected legacy endpoints and associated services. The vulnerability is mitigated as the functional logic is no longer operational and the URLs have been removed from CVSSv3.1 8.8 (HIGH) · EPSS 59th percentile

CWECWE 732VNDNovastarTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-07-07
2022-07-07 19:15Z
MED

CVE-2022-33098 — Magnolia-cms Magnolia_cms: Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-33098

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted SVG document, with JavaScript, for a profile picture. CVSSv3.1 6.1 (MEDIUM) · EPSS 99th percentile

CWECWE 79VNDMagnolia CmsVNDMagnoliaTYPVulnerability
6.1
CVSS v3.1
96
Edit Score
2022-07-06
2022-07-06 19:15Z
CRIT

CVE-2022-33047 — Otfcc_project Otfcc: v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-33047

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c. CVSSv3.1 9.8 (CRITICAL) · EPSS 60th percentile

CWECWE 787VNDOtfcc ProjectVNDOtfccTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-07-06
2022-07-06 12:15Z
CRIT

CVE-2022-32386 — Tendacn Ac23_ac2100_firmware: Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-32386

Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. CVSSv3.1 9.8 (CRITICAL) · EPSS 95th percentile

CWECWE 787VNDTendaVNDTendacnTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2022-07-06
2022-07-06 12:15Z
CRIT

CVE-2022-32385 — Tendacn Ac23_ac2100_firmware: Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-32385

Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote). CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile

CWECWE 787VNDTendaVNDTendacnTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-07-04
2022-07-04 02:15Z
HIGH

CVE-2022-34151 — Omron Nx701-1600_firmware: Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who succ CVSSv3.1 8.1 (HIGH) · EPSS 79th percentile

CWECWE 798VNDOmronTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2022-07-01
2022-07-01 21:15Z
HIGH

CVE-2022-32384 — Tendacn Ac23_ac2100_firmware: Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-32384

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile

CWECWE 787VNDTendaVNDTendacnTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-06-30
2022-06-30 00:15Z
CRIT

CVE-2022-34835 — Denx U-boot: In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-34835

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile

CWECWE 787VNDDenxVNDDasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-06-17
2022-06-17 13:15Z
CRIT

CVE-2021-45024 — Rocketsoftware Ags-zena: ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45024

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile

CWECWE 611VNDRocketsoftwareVNDAsgTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-06-16
2022-06-16 22:15Z
HIGH

CVE-2022-26173 — Jforum Jforum: v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-26173

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. CVSSv3.1 8.8 (HIGH) · EPSS 47th percentile

CWECWE 352VNDJforumTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-06-16
2022-06-16 19:15Z
CRIT

CVE-2022-24562 — Iobit Iotransfer: In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24562

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 306VNDIobitTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-06-16
2022-06-16 17:15Z
CRIT

CVE-2022-31384 — Phpgurukul Directory_management_system: Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-31384

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile

CWECWE 89VNDPhpgurukulTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-06-16
2022-06-16 17:15Z
CRIT

CVE-2022-31383 — Phpgurukul Directory_management_system: Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-31383

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile

CWECWE 89VNDPhpgurukulTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-06-16
2022-06-16 17:15Z
CRIT

CVE-2022-31382 — Phpgurukul Directory_management_system: Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-31382

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile

CWECWE 89VNDPhpgurukulTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-06-16
2022-06-16 15:15Z
HIGH

CVE-2022-30023 — Tenda Hg9_firmware: ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-30023

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile

CWECWE 78VNDTendaTYPVulnerability
8.8
CVSS v3.1
100
Edit Score
2022-06-14
2022-06-14 17:15Z
CRIT

CVE-2021-42675 — Kreado Kreasfero: One can upload a malicious PHP file and obtain remote code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42675

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile

CWECWE 434VNDKreadoTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-06-13
2022-06-13 14:15Z
HIGH

CVE-2022-1969 — Script Mobile_browser_color_select: The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1969

The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 38th percentile

CWECWE 352VNDScriptVNDMobileTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-06-13
2022-06-13 14:15Z
CRIT

CVE-2022-1768 — Carrcommunications Rsvpmaker: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 89VNDCarrcommunicationsVNDRsvpmakerTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-06-13
2022-06-13 14:15Z
HIGH

CVE-2022-1749 — Wpmk_ajax_finder_project Wpmk_ajax_finder: The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1749

The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. CVSSv3.1 8.8 (HIGH) · EPSS 41th percentile

CWECWE 352VNDWpmk Ajax Finder ProjectVNDWpmkTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-06-13
2022-06-13 13:15Z
HIGH

CVE-2022-1918 — Toolbar_to_share_project Toolbar_to_share: The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1918

The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 42th percentile

CWECWE 352VNDToolbar To Share ProjectVNDToolbarTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-06-13
2022-06-13 13:15Z
HIGH

CVE-2022-1900 — Copify Copify: The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1900

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 34th percentile

CWECWE 352VNDCopifyTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-06-09
2022-06-09 04:15Z
HIGH

CVE-2022-30075 — Tp-link Archer_ax50_firmware: In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-30075

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile

VNDTp LinkVNDLinkTYPVulnerability
8.8
CVSS v3.1
100
Edit Score