Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-29269
In Nagios XI up to and including 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2022-2927
Weak Password Requirements in GitHub repository notrinos/notrinoserp before 0.7.
Notrinos Notrinoserp
4.3
CVSSv3
CVE-2022-29270
In Nagios XI up to and including 5.8.5, it is possible for a user without password verification to change his e-mail address.
Nagios Nagios Xi
6.5
CVSSv3
CVE-2022-29271
In Nagios XI up to and including 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an malicious user to permanently disable all monitoring checks.
Nagios Nagios Xi
6.1
CVSSv3
CVE-2022-29272
In Nagios XI up to and including 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
Nagios Nagios Xi
6.1
CVSSv3
CVE-2022-29273
pfSense CE up to and including 2.6.0 and pfSense Plus prior to 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
Netgate Pfsense
8.2
CVSSv3
CVE-2022-29275
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue exists by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5...
Insyde Kernel
8.8
CVSSv3
CVE-2022-29277
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purl...
Amd Genoa Firmware
Amd Hygon 1 Firmware
Amd Hygon 2 Firmware
Amd Hygon 3 Firmware
Amd Milan Firmware
Amd Rome Firmware
Amd Ryzen 5300g Firmware
Amd Ryzen 5300ge Firmware
Amd Ryzen 5600g Firmware
Amd Ryzen 5600ge Firmware
Amd Ryzen 5600x Firmware
Amd Ryzen 5700g Firmware
Amd Ryzen 5700ge Firmware
Amd Ryzen 5800x Firmware
Amd Ryzen 5800x3d Firmware
Amd Ryzen 5900x Firmware
Amd Ryzen 5950x Firmware
Amd Snowy Owl R1000 Firmware
Amd Snowy Owl R2000 Firmware
Amd Snowy Owl V2000 Firmware
Amd Snowy Owl V3000 Firmware
Intel Alder Lake Firmware
7.5
CVSSv3
CVE-2022-29286
Pexip Infinity 27 prior to 28.0 allows remote malicious users to trigger excessive resource consumption and termination because of registrar resource mishandling.
Pexip Pexip Infinity
6.1
CVSSv3
CVE-2022-29296
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Avantune Genialcloud Proj 10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »