Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 5 hours 58 minutes ago

CVE-2022-38085

Sat, 2022/09/24 - 12:15 AM
Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.

CVE-2022-38460

Sat, 2022/09/24 - 12:15 AM
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress.

CVE-2022-40193 (awesome_filterable_portfolio)

Sat, 2022/09/24 - 12:15 AM
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.

CVE-2022-23144

Sat, 2022/09/24 - 12:15 AM
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of the system.

CVE-2022-40092 (online_tours_and_travels_management_system)

Fri, 2022/09/23 - 11:15 PM
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php.

CVE-2022-40093 (online_tours_and_travels_management_system)

Fri, 2022/09/23 - 11:15 PM
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php.

CVE-2022-40213 (gs_testimonial_slider)

Fri, 2022/09/23 - 11:15 PM
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress.

CVE-2022-40853

Fri, 2022/09/23 - 11:15 PM
Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set.

CVE-2022-40860

Fri, 2022/09/23 - 11:15 PM
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList.

CVE-2022-40862

Fri, 2022/09/23 - 11:15 PM
Tenda AC15 and AC18 routers V15.03.05.19 contain a stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting.

CVE-2022-40864

Fri, 2022/09/23 - 11:15 PM
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet

CVE-2022-40865

Fri, 2022/09/23 - 11:15 PM
Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/

CVE-2022-40869

Fri, 2022/09/23 - 11:15 PM
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").

CVE-2022-27492 (whatsapp)

Fri, 2022/09/23 - 11:15 PM
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.

CVE-2022-2937

Fri, 2022/09/23 - 11:15 PM
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

CVE-2022-30121

Fri, 2022/09/23 - 11:15 PM
The "LANDesk(R) Management Agent" service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.

CVE-2022-3144 (wordfence_security)

Fri, 2022/09/23 - 11:15 PM
The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.

CVE-2022-35252

Fri, 2022/09/23 - 11:15 PM
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.

CVE-2022-35253

Fri, 2022/09/23 - 11:15 PM
A vulnerability that exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.

CVE-2022-35257

Fri, 2022/09/23 - 11:15 PM
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
