Live Archive

Timeframe: 12/08/2022 01:28 PM - 12/09/2022 01:28 PM (24 Entries)

Next Refresh: 12/09/2022 02:28 PM

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Published	Base	Temp	Vulnerability	0day	Today	Exp	Rem	CTI	CVE
12/09/2022	4.4	4.3	JetBrains IntelliJ IDEA Custom Plugin xml external entity reference	$0-$5k	$0-$5k	Not Defined	Official Fix	1.21	CVE-2022-46827
12/09/2022	4.4	4.4	TinyMCE cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	1.05	CVE-2022-23494
12/09/2022	2.7	2.6	Brocade SANnav debug log file	$0-$5k	$0-$5k	Not Defined	Official Fix	1.07	CVE-2022-33187
12/09/2022	5.3	5.2	lirantal daloradius unknown vulnerability	$0-$5k	$0-$5k	Not Defined	Official Fix	1.07	CVE-2022-4366
12/09/2022	3.4	3.4	JetBrains TeamCity STS Endpoint server-side request forgery	$0-$5k	$0-$5k	Not Defined	Not Defined	1.07	CVE-2022-46830
12/09/2022	6.0	5.9	JetBrains Gateway improper authentication	$0-$5k	$0-$5k	Not Defined	Official Fix	1.01	CVE-2022-46829
12/09/2022	5.3	5.1	JetBrains IntelliJ IDEA DYLIB injection	$0-$5k	$0-$5k	Not Defined	Official Fix	1.01	CVE-2022-46828
12/09/2022	4.7	4.7	JetBrains IntelliJ IDEA Built-In Web Server path traversal	$0-$5k	$0-$5k	Not Defined	Official Fix	1.03	CVE-2022-46826
12/09/2022	3.6	3.6	JetBrains IntelliJ IDEA Built-In Web Server information disclosure	$0-$5k	$0-$5k	Not Defined	Official Fix	0.93	CVE-2022-46825
12/09/2022	5.0	4.9	JetBrains IntelliJ IDEA fsnotifier Daemon buffer overflow	$0-$5k	$0-$5k	Not Defined	Official Fix	1.03	CVE-2022-46824
12/09/2022	3.5	3.4	DHIS cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	1.01	CVE-2022-41947
12/09/2022	3.7	3.7	SeedDMS Reset Token Generation excessive authentication	$0-$5k	$0-$5k	Not Defined	Not Defined	0.89	CVE-2022-44938
12/09/2022	3.5	3.5	Teleport Web Interface get-role-list information disclosure	$0-$5k	$0-$5k	Not Defined	Not Defined	0.89	CVE-2022-38599
12/09/2022	3.5	3.2	S-CMS Contact Information Page cross site scripting	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	1.34	CVE-2022-4377
12/09/2022	6.3	5.7	Mingsoft MCMS list sql injection	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	1.13	CVE-2022-4375
12/09/2022	5.3	5.3	Google Go net-http memory allocation	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.99	CVE-2022-41717
12/09/2022	3.5	3.5	Secustation Camera information disclosure	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96	CVE-2022-40939
12/09/2022	6.3	6.3	Canon Medical Informatics Vitrea Vision search access control	$0-$5k	$0-$5k	Not Defined	Not Defined	0.99	CVE-2022-38765
12/09/2022	7.3	7.3	Brocade Fabric OS Remote Code Execution	$0-$5k	$0-$5k	Not Defined	Not Defined	1.11	CVE-2022-33186
12/09/2022	5.3	5.1	Yauaa Client Hints Analysis exceptional condition	$0-$5k	$0-$5k	Not Defined	Official Fix	1.03	CVE-2022-23496
12/09/2022	5.7	5.6	DHIS HTTP PUT Request privileges management	$0-$5k	$0-$5k	Not Defined	Official Fix	1.52	CVE-2022-41948
12/09/2022	6.4	6.3	go-merkledag DAGService Interface exceptional condition	$0-$5k	$0-$5k	Not Defined	Official Fix	1.18	CVE-2022-23495
12/09/2022	4.6	4.5	DHIS server-side request forgery	$0-$5k	$0-$5k	Not Defined	Official Fix	1.07	CVE-2022-41949
12/09/2022	5.6	5.6	JetBrains TeamCity Default Credential Provider Chain variable initialization	$0-$5k	$0-$5k	Not Defined	Not Defined	1.07	CVE-2022-46831

◂ Previous OverviewNext ▸

Do you know our Splunk app?

Download it now for free!