Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2022-32420
College Management System v1.0 exists to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.
College Management System Project College Management System 1.0
NA
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows malicious users to enumerate existing usernames by timing the server's response time.
Mealie Mealie 1.0.0
NA
CVE-2022-3243
The Import all XML, CSV & TXT WordPress plugin prior to 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin
Smackcoders Import All Pages\\, Post Types\\, Products\\, Orders\\, And Users As Xml \\& Csv
NA
CVE-2022-3244
The Import all XML, CSV & TXT WordPress plugin prior to 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce
Smackcoders Import All Pages\\, Post Types\\, Products\\, Orders\\, And Users As Xml \\& Csv
383
VMScore
CVE-2022-32441
A memory corruption in Hex Rays Ida Pro v6.6 allows malicious users to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056.
Hex-rays Ida 6.6
890
VMScore
CVE-2022-32449
TOTOLINK EX300_V2 V4.0.3c.7484 exists to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
Totolink Ex300 V2 Firmware 4.0.3c.7484
NA
CVE-2022-32450
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.
Anydesk Anydesk 7.0.9
NA
CVE-2022-32453
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote malicious user to obtain and/or alter the data of the product via unspecified vectors.
Cybozu Office
NA
CVE-2022-32454
A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML payload to trigger this vulner...
Goabode Iota All-in-one Security Kit Firmware 6.9z
Goabode Iota All-in-one Security Kit Firmware 6.9x
NA
CVE-2022-32455
In BIG-IP Versions 16.1.x prior to 16.1.2.2, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed...
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »