2022-03-30
2022-03-30 23:15Z
CRIT

CVE-2021-46007 — Totolink Ar3100r_firmware: a3100r V5.9c.4577 is vulnerable to os command injection.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-46007

totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. CVSSv3.1 9.8 (CRITICAL) · EPSS 88th percentile

CWECWE 78VNDTotolinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-29
2022-03-29 01:15Z
CRIT

CVE-2022-25521 — Nuuo Network_video_recorder_firmware: v03.11.00 was discovered to contain access control issue.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25521

NUUO v03.11.00 was discovered to contain access control issue. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile

CWECWE 798VNDNuuoTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-28
2022-03-28 00:15Z
CRIT

CVE-2022-26258 — Dlink Dir-820l_firmware: D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-26258in the wild

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 78VNDDlinkVNDLinkTYPVulnerabilitySTAitw exploited
9.8
CVSS v3.1
100
Edit Score
2022-03-25
2022-03-25 23:15Z
HIGH

CVE-2021-40905 — Checkmk Checkmk: The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-40905

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session of a user with administrator role. NOTE: the vendor states that this is the intended behavior: admins are supposed to be able to execute c CVSSv3.1 8.8 (HIGH) · EPSS 85th percentile

CWECWE 434VNDCheckmkTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-25
2022-03-25 23:15Z
HIGH

CVE-2021-40904 — Checkmk Checkmk: The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-40904

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. CVSSv3.1 8.8 (HIGH) · EPSS 89th percentile

CWECWE 276VNDCheckmkTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-25
2022-03-25 21:15Z
HIGH

CVE-2022-25523 — Typesettercms Typesetter: v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25523

TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. CVSSv3.1 8.8 (HIGH) · EPSS 46th percentile

CWECWE 352VNDTypesettercmsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-25
2022-03-25 17:15Z
MED

CVE-2022-26263 — Yonyou U8\+: u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-26263

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. CVSSv3.1 6.1 (MEDIUM) · EPSS 98th percentile

CWECWE 79VNDYonyouTYPVulnerability
6.1
CVSS v3.1
92
Edit Score
728 × 90 / responsive · programmatic ad slot
2022-03-25
2022-03-25 09:15Z
HIGH

CVE-2018-25032 — Nokogiri Nokogiri: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile

CWECWE 787VNDNokogiriVNDZlibTYPVulnerability
7.5
CVSS v3.1
100
Edit Score
2022-03-23
2022-03-23 20:15Z
CRIT

CVE-2022-24293 — Hp Laserjet_pro_m453-m454_w1y40a_firmware: Certain HP Print devices may be vulnerable to potential information disclosure, denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24293

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile

VNDHpVNDCertainTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-23
2022-03-23 20:15Z
CRIT

CVE-2022-24292 — Hp Laserjet_pro_m453-m454_w1y40a_firmware: Certain HP Print devices may be vulnerable to potential information disclosure, denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24292

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile

VNDHpVNDCertainTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-23
2022-03-23 20:15Z
CRIT

CVE-2022-0888 — Ninjaforms Ninja_forms_file_uploads: The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-0888

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0 CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile

CWECWE 434VNDNinjaformsVNDNinjaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-23
2022-03-23 11:15Z
CRIT

CVE-2021-45756 — Asus Rt-ac68u_firmware: RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45756

Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. CVSSv3.1 9.8 (CRITICAL) · EPSS 75th percentile

CWECWE 120VNDAsusTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-21
2022-03-21 20:15Z
HIGH

CVE-2022-23349 — Bigantsoft Bigant_server: BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23349

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile

CWECWE 352VNDBigantsoftVNDBigantTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-21
2022-03-21 20:15Z
HIGH

CVE-2022-23347 — Bigantsoft Bigant_server: BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23347

BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. CVSSv3.1 7.5 (HIGH) · EPSS 96th percentile

CWECWE 22VNDBigantsoftVNDBigantTYPVulnerability
7.5
CVSS v3.1
91
Edit Score
2022-03-21
2022-03-21 20:15Z
HIGH

CVE-2022-23346 — Bigantsoft Bigant_server: BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23346

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

CWECWE 434VNDBigantsoftVNDBigantTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-18
2022-03-18 23:15Z
CRIT

CVE-2022-25578 — Taogogo Taocms: v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25578

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. CVSSv3.1 9.8 (CRITICAL) · EPSS 75th percentile

CWECWE 94VNDTaogogoTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-18
2022-03-18 18:15Z
HIGH

CVE-2022-27245 — Misp-project Misp: This could lead to SSRF.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-27245

An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile

CWECWE 918VNDMispVNDMisp ProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-18
2022-03-18 11:15Z
CRIT

CVE-2021-45834 — Opendocman Opendocman: An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 434VNDOpendocmanTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-17
2022-03-17 22:15Z
CRIT

CVE-2021-44088 — Attendance_and_payroll_system_project Attendance_and_payroll_system: An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44088

An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. CVSSv3.1 9.8 (CRITICAL) · EPSS 87th percentile

CWECWE 89VNDAttendance And Payroll System ProjectTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-17
2022-03-17 22:15Z
CRIT

CVE-2021-44087 — Attendance_and_payroll_system_project Attendance_and_payroll_system: A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44087

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. CVSSv3.1 9.8 (CRITICAL) · EPSS 91th percentile

VNDCodeVNDAttendance And Payroll System ProjectTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-11
2022-03-11 16:15Z
CRIT

CVE-2021-44620 — Totolink A3100r_firmware: A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44620

A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 77VNDTotolinkVNDCommandTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-03-10
2022-03-10 17:47Z
HIGH

CVE-2022-25090 — Kofax Printix: Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25090

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. CVSSv3.1 8.1 (HIGH) · EPSS 95th percentile

CWECWE 362VNDKofaxVNDPrintixTYPVulnerability
8.1
CVSS v3.1
94
Edit Score
2022-03-10
2022-03-10 17:46Z
HIGH

CVE-2022-24644 — Zzinc Keymouse_firmware: KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24644

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. CVSSv3.1 8.8 (HIGH) · EPSS 80th percentile

CWECWE 494VNDZzincVNDIncTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-10
2022-03-10 17:45Z
CRIT

CVE-2022-23383 — Yzmcms Yzmcms: Without login, unauthorized access to the user's personal home page can be realized.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23383

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out. CVSSv3.1 9.1 (CRITICAL) · EPSS 70th percentile

CWECWE 287VNDYzmcmsTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2022-03-09
2022-03-09 20:15Z
CRIT

CVE-2022-0715 — Schneider-electric Smt_series_1015_ups_firmware: A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-0715

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UP CVSSv3.1 9.1 (CRITICAL) · EPSS 78th percentile

CWECWE 345CWECWE 287VNDSchneider ElectricVNDCweTYPVulnerability
9.1
CVSS v3.1
96
Edit Score