2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24253 — Extensis Portfolio: v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24253

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

CWECWE 434VNDExtensisTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24252 — Extensis Portfolio: An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24252

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. CVSSv3.1 8.8 (HIGH) · EPSS 85th percentile

CWECWE 434VNDExtensisTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-01
2022-03-01 23:15Z
HIGH

CVE-2022-24251 — Extensis Portfolio: v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-24251

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

CWECWE 434VNDExtensisTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-03-01
2022-03-01 02:15Z
HIGH

CVE-2022-25018 — Pluxml Pluxml: v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25018

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. CVSSv3.1 8.8 (HIGH) · EPSS 83th percentile

CWECWE 94VNDPluxmlTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-03-01
2022-03-01 02:15Z
HIGH

CVE-2021-42951 — Algorithmia Msol: A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42951

A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile

VNDCodeVNDAlgorithmiaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2022-25064 — Tp-link Tl-wr840n_firmware: TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25064

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 78VNDTp LinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2022-25061 — Tp-link Tl-wr840n_firmware: TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25061

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 78VNDTp LinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2022-25060 — Tp-link Tl-wr840n_firmware: TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-25060

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile

CWECWE 78VNDTp LinkVNDLinkTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-25
2022-02-25 20:15Z
CRIT

CVE-2021-42952 — Zepl Zepl: Upon launching Remote Code Execution from the Notebook, users can then use that to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42952

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services. CVSSv3.1 9.9 (CRITICAL) · EPSS 74th percentile

VNDZeplTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2022-02-21
2022-02-21 23:07Z
HIGH

Impacket 0.9.23

Impacket releases·github.comCVE-2021-31800CVE-2020-17049

Impacket 0.9.23 release includes critical security fixes and new exploitation capabilities. Notable additions: path traversal vulnerability fix (CVE-2021-31800), Kerberos Bronze Bit attack implementation (CVE-2020-17049), new GPP password extraction tool, and enhanced LDAP/AD exploitation features. Multiple improvements to SMB relay, DCOM execution, and credential handling.

TACTA0002SRFNetworkTACTA0006SRFIdentityTACTA0008VNDImpacketTYPToolSTGExecution
78
Edit Score
2022-02-21
2022-02-21 23:03Z
HIGH

Impacket 0.9.24

Impacket releases·github.com

Impacket 0.9.24 release includes significant enhancements to Windows authentication and lateral movement capabilities, notably adding RBCD (Resource-Based Constrained Delegation) handling, AD CS attack implementation, Kerberos S4U2Proxy support, and improved SMB/WMI protocol implementations. The release strengthens existing attack primitives across credential access, lateral movement, and persistence vectors.

TACTA0002SRFNetworkTACTA0006SRFIdentityTACTA0008VNDFortraTYPToolSTGExecution
78
Edit Score
2022-02-18
2022-02-18 14:15Z
CRIT

CVE-2022-0664 — Netmaker Netmaker: Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 321VNDNetmakerTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2022-02-17
2022-02-17 22:15Z
CRIT

CVE-2022-22916 — Zoneland O2oa: v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2022-22916

O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

VNDZonelandVNDO2oaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-14
2022-02-14 14:15Z
CRIT

CVE-2021-45420 — Emerson Dixell_xweb-500_firmware: Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to denial of service and potentially remote code execution. Note: the product has not been supported since 2018 and should be removed or replaced. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile

CWECWE 306CWECWE 200CWECWE 668VNDEmersonTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-09
2022-02-09 14:15Z
HIGH

CVE-2021-46354 — Cybelesoft Thinfinity_virtualui: Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-46354

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface. CVSSv3.1 7.5 (HIGH) · EPSS 96th percentile

CWECWE 668VNDCybelesoftVNDThinfinityTYPVulnerability
7.5
CVSS v3.1
92
Edit Score
2022-02-04
2022-02-04 23:15Z
HIGH

CVE-2020-7534 — Schneider-electric Modicon_m340_bmxp342020_firmware: A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-7534

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXN CVSSv3.1 8.8 (HIGH) · EPSS 39th percentile

CWECWE 352VNDSchneider ElectricVNDCweTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2022-02-02
2022-02-02 18:15Z
CRIT

CVE-2021-42640 — Printerlogic Web_stack: Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42640

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. CVSSv3.1 9.1 (CRITICAL) · EPSS 79th percentile

CWECWE 668VNDPrinterlogicTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2022-02-02
2022-02-02 18:15Z
CRIT

CVE-2021-42637 — Printerlogic Web_stack: Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42637

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery (SSRF) vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 918VNDPrinterlogicTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-02-01
2022-02-01 23:15Z
HIGH

CVE-2021-42638 — Printerlogic Web_stack: Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42638

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution. CVSSv3.1 8.1 (HIGH) · EPSS 92th percentile

CWECWE 77VNDPrinterlogicTYPVulnerability
8.1
CVSS v3.1
92
Edit Score
2022-01-31
2022-01-31 18:15Z
HIGH

CVE-2021-42635 — Printerlogic Web_stack: Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42635

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. CVSSv3.1 8.1 (HIGH) · EPSS 92th percentile

CWECWE 798VNDPrinterlogicTYPVulnerability
8.1
CVSS v3.1
92
Edit Score
2022-01-31
2022-01-31 18:15Z
HIGH

CVE-2021-42631 — Printerlogic Virtual_appliance: Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-42631

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution. CVSSv3.1 8.1 (HIGH) · EPSS 93th percentile

CWECWE 502VNDPrinterlogicTYPVulnerability
8.1
CVSS v3.1
92
Edit Score
2022-01-28
2022-01-28 19:15Z
CRIT

CVE-2021-44971 — Tenda Ac15_firmware: Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44971

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. CVSSv3.1 9.8 (CRITICAL) · EPSS 83th percentile

CWECWE 697VNDTendaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2022-01-27
2022-01-27 13:15Z
HIGH

CVE-2021-44793 — Krontech Single_connect: The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-44793

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials. CVSSv3.1 8.6 (HIGH) · EPSS 63th percentile

CWECWE 862VNDKrontechTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2022-01-26
2022-01-26 19:15Z
HIGH

CVE-2021-46114 — Jpress Jpress: v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-46114

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. CVSSv3.1 8.8 (HIGH) · EPSS 74th percentile

CWECWE 94VNDJpressTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2022-01-19
2022-01-19 13:15Z
HIGH

CVE-2021-45808 — Jpress Jpress: v4.2.0 allows users to register an account by default.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-45808

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server. CVSSv3.1 8.8 (HIGH) · EPSS 74th percentile

CWECWE 434VNDJpressTYPVulnerability
8.8
CVSS v3.1
94
Edit Score