Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2022-28944 — Emcosoftware Msi_package_builder: The impact is: execute arbitrary code (remote).
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. CVSSv3.1 8.8 (HIGH)
CVE-2022-30014 — Simple_food_website_project Simple_food_website: Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile
CVE-2022-28932 — Dlink Dsl-g2452dg_firmware: D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile
CVE-2022-29351 — Tiddlywiki Tiddlywiki5: An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here. CVSSv3.1 9.8 (CRITICAL) · EPSS 82th percentile
CVE-2020-22983 — Microstrategy Microstrategy_web: A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task. CVSSv3.1 8.1 (HIGH) · EPSS 81th percentile
CVE-2022-26934 — Microsoft 365_apps: Windows Graphics Component Information Disclosure Vulnerability
Windows Graphics Component Information Disclosure Vulnerability CVSSv3.1 6.5 (MEDIUM) · EPSS 95th percentile
CVE-2022-1505 — Carrcommunications Rsvpmaker: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile
CVE-2022-1476 — Servmask All-in-one_wp_migration: The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key. CVSSv3.1 6.6 (MEDIUM) · EPSS 97th percentile
CVE-2022-1453 — Carrcommunications Rsvpmaker: The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2022-1442 — Wpmet Metform_elementor_contact_form_builder: The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile
Impacket 0.10.0
Impacket 0.10.0 released with significant library improvements including Python 2.7 deprecation, refactored testing infrastructure, and multiple new attack capabilities. Notable additions include MS-DSSP protocol implementation, ADCS ESC1/ESC6 attack support, Shadow Credentials attack, Kerberos Key List attack implementation, and enhanced ntlmrelayx.py with multi-relay and StartTLS support.
CVE-2022-29347 — Web\@rchiv_project Web\@rchiv: An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. CVSSv3.1 9.8 (CRITICAL) · EPSS 79th percentile
CVE-2022-28568 — Simple_doctor\'s_appointment_system_project Simple_doctor\'s_appointment_system: Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image
Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. CVSSv3.1 9.8 (CRITICAL) · EPSS 89th percentile
CVE-2021-43164 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile
CVE-2021-43163 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. CVSSv3.1 9.8 (CRITICAL) · EPSS 80th percentile
CVE-2021-43162 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile
CVE-2021-43161 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile
CVE-2021-43160 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile
CVE-2021-43159 — Ruijienetworks Reyeeos: A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common.. CVSSv3.1 8.8 (HIGH) · EPSS 77th percentile
CVE-2022-28118 — Sscms Siteserver_cms: SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. CVSSv3.1 9.8 (CRITICAL) · EPSS 84th percentile
CVE-2021-44596 — Wondershare Dr.fone: Fone as of 2021-12-06 version is affected by Remote code execution.
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile
CVE-2021-44595 — Wondershare Dr.fone: Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control.
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile
CVE-2021-41945 — Encode Httpx: OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client`
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. CVSSv3.1 9.1 (CRITICAL) · EPSS 80th percentile
CVE-2022-27985 — Cuppacms Cuppacms: v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile
CVE-2022-27984 — Cuppacms Cuppacms: v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile