vulnerabilities and exploits
NA
CVE-2022-32456
Digiwin BPM’s function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database or disrupt service.
Digiwin Business Process Management
NA
CVE-2022-32457
Digiwin BPM has inadequate filtering for a URL parameter. An unauthenticated remote attacker can perform a blind SSRF attack to discover internal network topology based on the URL error response.
Digiwin Business Process Management
NA
CVE-2022-32458
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files.
Digiwin Business Process Management
NA
CVE-2022-3246
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin prior to 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber.
Adenion Blog2social
NA
CVE-2022-3247
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin prior to 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform...
Adenion Blog2social
NA
CVE-2022-32471
An issue exists in IhisiSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are u...
Insyde Insydeh2o
NA
CVE-2022-32475
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue w...
Insyde Insydeh2o
NA
CVE-2022-32809
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.
NA
CVE-2022-3281
WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow a remote malicious user to circumvent the reach the network that should be protected by ...
Wago 750-8100 Firmware
Wago 750-8101 Firmware
Wago 750-8101/000-010 Firmware
Wago 750-8101/025-000 Firmware
Wago 750-8102 Firmware
Wago 750-8102/025-000 Firmware
Wago 750-8202/000-011 Firmware
Wago 750-8202/000-012 Firmware
Wago 750-8202/000-022 Firmware
Wago 750-8206 Firmware
Wago 750-8206/025-000 Firmware
Wago 750-8206/025-001 Firmware
Wago 750-8207 Firmware
Wago 750-8207/025-000 Firmware
Wago 750-8207/025-001 Firmware
Wago 750-8208 Firmware
Wago 750-8208/025-000 Firmware
Wago 750-8208/025-001 Firmware
Wago 750-8210 Firmware
Wago 750-8210/025-000 Firmware
Wago 750-8211 Firmware
Wago 750-8212 Firmware
NA
CVE-2022-32814
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
Apple Macos
Apple Iphone Os
Apple Ipados
Apple Watchos
Apple Tvos