2022-05-23
2022-05-23 18:16Z
HIGH

CVE-2022-28944 — Emcosoftware Msi_package_builder: The impact is: execute arbitrary code (remote).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. CVSSv3.1 8.8 (HIGH)

CWECWE 494VNDCertainVNDEmcosoftwareTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-05-23
2022-05-23 16:16Z
HIGH

CVE-2022-30014 — Simple_food_website_project Simple_food_website: Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-30014

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile

CWECWE 352VNDSimple Food Website ProjectVNDLumidekTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-05-23
2022-05-23 16:16Z
CRIT

CVE-2022-28932 — Dlink Dsl-g2452dg_firmware: D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-28932

D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile

CWECWE 276VNDDlinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-05-16
2022-05-16 14:15Z
CRIT

CVE-2022-29351 — Tiddlywiki Tiddlywiki5: An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-29351

An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here. CVSSv3.1 9.8 (CRITICAL) · EPSS 82th percentile

CWECWE 434VNDTiddlywikiTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-05-13
2022-05-13 13:15Z
HIGH

CVE-2020-22983 — Microstrategy Microstrategy_web: A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-22983

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. CVSSv3.1 8.1 (HIGH) · EPSS 81th percentile

CWECWE 918VNDMicrostrategyTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2022-05-10
2022-05-10 21:15Z
MED

CVE-2022-26934 — Microsoft 365_apps: Windows Graphics Component Information Disclosure Vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-26934

Windows Graphics Component Information Disclosure Vulnerability CVSSv3.1 6.5 (MEDIUM) · EPSS 95th percentile

VNDMicrosoftTYPVulnerability
6.5
CVSS v3.1
88
Edit Score
2022-05-10
2022-05-10 20:15Z
CRIT

CVE-2022-1505 — Carrcommunications Rsvpmaker: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1505

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile

CWECWE 89VNDCarrcommunicationsVNDRsvpmakerTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2022-05-10
2022-05-10 20:15Z
MED

CVE-2022-1476 — Servmask All-in-one_wp_migration: The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1476

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key. CVSSv3.1 6.6 (MEDIUM) · EPSS 97th percentile

CWECWE 22VNDServmaskVNDOneTYPVulnerability
6.6
CVSS v3.1
94
Edit Score
2022-05-10
2022-05-10 20:15Z
CRIT

CVE-2022-1453 — Carrcommunications Rsvpmaker: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1453

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 89VNDCarrcommunicationsVNDRsvpmakerTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-05-10
2022-05-10 20:15Z
HIGH

CVE-2022-1442 — Wpmet Metform_elementor_contact_form_builder: The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile

CWECWE 862VNDWpmetVNDMetformTYPVulnerability
7.5
CVSS v3.1
100
Edit Score
2022-05-04
2022-05-04 18:38Z
INFO

Impacket 0.10.0

Impacket releases·github.com

Impacket 0.10.0 released with significant library improvements including Python 2.7 deprecation, refactored testing infrastructure, and multiple new attack capabilities. Notable additions include MS-DSSP protocol implementation, ADCS ESC1/ESC6 attack support, Shadow Credentials attack, Kerberos Key List attack implementation, and enhanced ntlmrelayx.py with multi-relay and StartTLS support.

SRFNetworkTACTA0006SRFIdentityTACTA0008VNDImpacketTYPToolSTGDiscoverySTGCred Access
78
Edit Score
2022-05-04
2022-05-04 15:15Z
CRIT

CVE-2022-29347 — Web\@rchiv_project Web\@rchiv: An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-29347

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. CVSSv3.1 9.8 (CRITICAL) · EPSS 79th percentile

CWECWE 434VNDWeb Rchiv ProjectTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-05-04
2022-05-04 15:15Z
CRIT

CVE-2022-28568 — Simple_doctor\'s_appointment_system_project Simple_doctor\'s_appointment_system: Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-28568

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. CVSSv3.1 9.8 (CRITICAL) · EPSS 89th percentile

CWECWE 434VNDSourcecodesterVNDSimple Doctor S Appointment System ProjectTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-05-04
2022-05-04 01:15Z
HIGH

CVE-2021-43164 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-43164

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile

CWECWE 78VNDCodeVNDRuijienetworksTYPVulnerability
8.8
CVSS v3.1
100
Edit Score
2022-05-04
2022-05-04 01:15Z
CRIT

CVE-2021-43163 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-43163

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. CVSSv3.1 9.8 (CRITICAL) · EPSS 80th percentile

CWECWE 77VNDCodeVNDRuijienetworksTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-05-04
2022-05-04 01:15Z
HIGH

CVE-2021-43162 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-43162

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile

CWECWE 77VNDCodeVNDRuijienetworksTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-05-04
2022-05-04 01:15Z
HIGH

CVE-2021-43161 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-43161

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile

CWECWE 77VNDCodeVNDRuijienetworksTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-05-04
2022-05-04 01:15Z
HIGH

CVE-2021-43160 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-43160

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile

CWECWE 77VNDCodeVNDRuijienetworksTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-05-04
2022-05-04 01:15Z
HIGH

CVE-2021-43159 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-43159

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common.. CVSSv3.1 8.8 (HIGH) · EPSS 77th percentile

CWECWE 77VNDCodeVNDRuijienetworksTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-05-03
2022-05-03 01:15Z
CRIT

CVE-2022-28118 — Sscms Siteserver_cms: SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-28118

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. CVSSv3.1 9.8 (CRITICAL) · EPSS 84th percentile

VNDSscmsVNDSiteserverTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-04-29
2022-04-29 12:15Z
CRIT

CVE-2021-44596 — Wondershare Dr.fone: Fone as of 2021-12-06 version is affected by Remote code execution.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44596

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile

VNDWondershareTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-04-29
2022-04-29 12:15Z
HIGH

CVE-2021-44595 — Wondershare Dr.fone: Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44595

Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile

CWECWE 862VNDWondershareTYPVulnerability
8.8
CVSS v3.1
100
Edit Score
2022-04-28
2022-04-28 14:15Z
CRIT

CVE-2021-41945 — Encode Httpx: OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client`

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-41945

Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. CVSSv3.1 9.1 (CRITICAL) · EPSS 80th percentile

CWECWE 20VNDEncodeTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2022-04-26
2022-04-26 14:15Z
CRIT

CVE-2022-27985 — Cuppacms Cuppacms: v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-27985

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile

CWECWE 89VNDCuppacmsTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-04-26
2022-04-26 14:15Z
CRIT

CVE-2022-27984 — Cuppacms Cuppacms: v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-27984

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile

CWECWE 89VNDCuppacmsTYPVulnerability
9.8
CVSS v3.1
100
Edit Score