2022-03-10
2022-03-10 17:47Z
HIGH

CVE-2022-25090 — Kofax Printix: Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25090

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. CVSSv3.1 8.1 (HIGH) · EPSS 95th percentile

CWECWE 362VNDKofaxVNDPrintixTYPVulnerability
8.1
CVSS v3.1
94
Edit Score
2022-03-10
2022-03-10 17:46Z
HIGH

CVE-2022-24644 — Zzinc Keymouse_firmware: KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24644

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. CVSSv3.1 8.8 (HIGH) · EPSS 80th percentile

CWECWE 494VNDZzincVNDIncTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-10
2022-03-10 17:45Z
CRIT

CVE-2022-23383 — Yzmcms Yzmcms: Without login, unauthorized access to the user's personal home page can be realized.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-23383

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out. CVSSv3.1 9.1 (CRITICAL) · EPSS 70th percentile

CWECWE 287VNDYzmcmsTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2022-03-09
2022-03-09 20:15Z
CRIT

CVE-2022-0715 — Schneider-electric Smt_series_1015_ups_firmware: A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-0715

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UP CVSSv3.1 9.1 (CRITICAL) · EPSS 78th percentile

CWECWE 345CWECWE 287VNDSchneider ElectricVNDCweTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2022-03-04
2022-03-04 15:15Z
HIGH

CVE-2020-18326 — Intelliants Subrion_cms: Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-18326

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. CVSSv3.1 8.8 (HIGH) · EPSS 81th percentile

CWECWE 352VNDIntelliantsTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-03
2022-03-03 03:15Z
HIGH

CVE-2021-42950 — Zepl Zepl: Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42950

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon cr CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

VNDCodeVNDZeplTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-03
2022-03-03 00:15Z
CRIT

CVE-2022-25089 — Kofax Printix: Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25089

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile

CWECWE 269VNDKofaxVNDPrintixTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24255 — Extensis Portfolio: v4.0 was discovered to contain hardcoded credentials which allows attackers to gain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24255

Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

CWECWE 798VNDExtensisTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24254 — Extensis Portfolio: An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24254

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. CVSSv3.1 8.8 (HIGH) · EPSS 85th percentile

CWECWE 434VNDExtensisTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24253 — Extensis Portfolio: v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24253

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

CWECWE 434VNDExtensisTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24252 — Extensis Portfolio: An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24252

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. CVSSv3.1 8.8 (HIGH) · EPSS 85th percentile

CWECWE 434VNDExtensisTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24251 — Extensis Portfolio: v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24251

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

CWECWE 434VNDExtensisTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-01
2022-03-01 02:15Z
HIGH

CVE-2022-25018 — Pluxml Pluxml: v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25018

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. CVSSv3.1 8.8 (HIGH) · EPSS 83th percentile

CWECWE 94VNDPluxmlTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-01
2022-03-01 02:15Z
HIGH

CVE-2021-42951 — Algorithmia Msol: A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42951

A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

VNDCodeVNDAlgorithmiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2022-25064 — Tp-link Tl-wr840n_firmware: TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25064

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 78VNDTp LinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2022-25061 — Tp-link Tl-wr840n_firmware: TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25061

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 78VNDTp LinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2022-25060 — Tp-link Tl-wr840n_firmware: TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25060

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 78VNDTp LinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2021-42952 — Zepl Zepl: Upon launching Remote Code Execution from the Notebook, users can then use that to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42952

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. CVSSv3.1 9.9 (CRITICAL) · EPSS 74th percentile

VNDZeplTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2022-02-21
2022-02-21 23:07Z
HIGH

Impacket 0.9.23

Impacket releases·github.comCVE-2021-31800CVE-2020-17049

Impacket 0.9.23 release includes critical security fixes and new exploitation capabilities. Notable additions: path traversal vulnerability fix (CVE-2021-31800), Kerberos Bronze Bit attack implementation (CVE-2020-17049), new GPP password extraction tool, and enhanced LDAP/AD exploitation features. Multiple improvements to SMB relay, DCOM execution, and credential handling.

TACTA0002SRFNetworkTACTA0006SRFIdentityTACTA0008VNDImpacketTYPToolSTGExecution
78
Edit Score
2022-02-21
2022-02-21 23:03Z
HIGH

Impacket 0.9.24

Impacket releases·github.com

Impacket 0.9.24 release includes significant enhancements to Windows authentication and lateral movement capabilities, notably adding RBCD (Resource-Based Constrained Delegation) handling, AD CS attack implementation, Kerberos S4U2Proxy support, and improved SMB/WMI protocol implementations. The release strengthens existing attack primitives across credential access, lateral movement, and persistence vectors.

TACTA0002SRFNetworkTACTA0006SRFIdentityTACTA0008VNDFortraTYPToolSTGExecution
78
Edit Score
2022-02-18
2022-02-18 14:15Z
CRIT

CVE-2022-0664 — Netmaker Netmaker: Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 321VNDNetmakerTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-02-17
2022-02-17 22:15Z
CRIT

CVE-2022-22916 — Zoneland O2oa: v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-22916

O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

VNDZonelandVNDO2oaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-14
2022-02-14 14:15Z
CRIT

CVE-2021-45420 — Emerson Dixell_xweb-500_firmware: Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 306CWECWE 200CWECWE 668VNDEmersonTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-09
2022-02-09 14:15Z
HIGH

CVE-2021-46354 — Cybelesoft Thinfinity_virtualui: Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-46354

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. CVSSv3.1 7.5 (HIGH) · EPSS 96th percentile

CWECWE 668VNDCybelesoftVNDThinfinityTYPVulnerability
7.5
CVSS v3.1
92
Edit Score
2022-02-04
2022-02-04 23:15Z
HIGH

CVE-2020-7534 — Schneider-electric Modicon_m340_bmxp342020_firmware: A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-7534

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXN CVSSv3.1 8.8 (HIGH) · EPSS 39th percentile

CWECWE 352VNDSchneider ElectricVNDCweTYPVulnerability
8.8
CVSS v3.1
94
Edit Score