Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dw. vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2022-2423
The DW Promobar WordPress plugin up to and including 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in mult...
Designwall Dw Promobar
7.5
CVSSv3
CVE-2022-34534
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows malicious users to access sensitive infromation via a crafted API call.
Dw Spectrum Server Firmware 4.2.0.32842
7.5
CVSSv3
CVE-2022-34535
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated malicious users to view internal paths and scripts via web files.
Dw Megapix Firmware 4.2.0.32842
7.5
CVSSv3
CVE-2022-34536
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows malicious users to access the core log file and perform session hijacking via a crafted session token.
Dw Megapix Firmware 4.2.0.32842
5.4
CVSSv3
CVE-2022-34537
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 exists to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi.
Dw Megapix Firmware 4.2.0.32842
8.8
CVSSv3
CVE-2022-34538
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 exists to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST request.
Dw Megapix Firmware 4.2.0.32842
8.8
CVSSv3
CVE-2022-34539
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 exists to contain a command injection vulnerability in the component /admin/curltest.cgi. This vulnerability is exploitable via a crafted POST request.
Dw Megapix Firmware 4.2.0.32842
8.8
CVSSv3
CVE-2022-34540
Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 exists to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. This vulnerability is exploitable via a crafted POST request.
Dw Megapix Firmware 4.2.0.32842
4.3
CVSSv3
CVE-2021-4408
The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the update_answer() function. This makes it possible for unauthenticated malicious users ...
Designwall Dw Question \\& Answer
4.3
CVSSv3
CVE-2021-24800
The DW Question & Answer Pro WordPress plugin up to and including 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
Designwall Dw Question \\& Answer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »