Live Recent

Timeframe: 11/28/2022 10:01 PM - 11/29/2022 10:01 PM (48 Entries)

Next Refresh: 11/29/2022 11:01 PM

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Created	Status		Vulnerability	Base	0day	Exp	Rem	CTI	CVE
06:56 PM	approved	100%	Amasty Blog Pro Plugin Admin Panel cross site scripting	3.5	$0-$5k	Not Defined	Not Defined	2.12+	CVE-2022-36433
06:56 PM	approved	100%	GPAC unquantize.c Q_IsTypeOn use after free	7.3	$0-$5k	Not Defined	Not Defined	2.21+	CVE-2022-45343
06:55 PM	approved	100%	Prometheus Exporter Toolkit web.yml unknown vulnerability	4.7	$0-$5k	Not Defined	Official Fix	2.30+	CVE-2022-46146
06:54 PM	approved	100%	Apache Fineract File Upload path traversal	6.3	$5k-$25k	Not Defined	Official Fix	2.24+	CVE-2022-44635
08:36 AM	approved	100%	GPAC lsr_dec.c lsr_translate_coords integer overflow	6.3	$0-$5k	Proof-of-Concept	Not Defined	3.85-	CVE-2022-4202
08:32 AM	approved	100%	Wenzhou Huoyin BossCMS Administrator List Module Add cross-site request forgery	4.3	$0-$5k	Not Defined	Not Defined	4.18-	CVE-2022-44937
08:31 AM	approved	100%	KLiK SocialMediaWebsite cross site scripting	3.5	$0-$5k	Not Defined	Official Fix	2.42-	CVE-2022-42100
08:31 AM	approved	100%	KLiK SocialMediaWebsite cross site scripting	3.5	$0-$5k	Not Defined	Official Fix	2.27-	CVE-2022-42099
08:30 AM	approved	100%	LINE Group Chat denial of service	3.5	$0-$5k	Not Defined	Official Fix	2.09-	CVE-2022-41568
08:29 AM	approved	100%	ChurchCRM cross site scripting	3.5	$0-$5k	Not Defined	Official Fix	2.16-	CVE-2022-36137
08:29 AM	approved	100%	ChurchCRM cross site scripting	3.5	$0-$5k	Not Defined	Official Fix	1.94-	CVE-2022-36136
08:29 AM	approved	100%	Virgial Berveling Notification E-mails Plugin cross-site request forgery	4.3	$0-$5k	Not Defined	Not Defined	1.86-	CVE-2022-34654
08:28 AM	approved	100%	AeroCMS sql injection	5.5	$0-$5k	Not Defined	Not Defined	2.24-	CVE-2022-45329
08:27 AM	approved	100%	D-Link DNR-322L Backup Config Privilege Escalation	5.5	$5k-$25k	Not Defined	Not Defined	2.18-	CVE-2022-40799
08:26 AM	approved	100%	ghost Newsletter access control	6.3	$0-$5k	Not Defined	Official Fix	2.10-	CVE-2022-41654
08:26 AM	approved	100%	NetIQ Advanced Authentication Multi-Factor Authentication improper authentication	6.3	$0-$5k	Not Defined	Official Fix	2.04-	CVE-2022-38753
08:24 AM	approved	100%	Dropbox JPEG Compression infinite loop	3.5	$0-$5k	Not Defined	Not Defined	2.04-	CVE-2022-4104
08:23 AM	approved	100%	GPAC box_code_3gpp.c dimC_box_read memory leak	4.3	$0-$5k	Not Defined	Not Defined	1.92-	CVE-2022-45204
08:15 AM	approved	100%	GPAC box_code_3gpp.c dimC_box_read stack-based overflow	6.3	$0-$5k	Not Defined	Official Fix	1.95-	CVE-2022-45202
08:14 AM	approved	100%	Raiden MAILD Mail Server Website cross site scripting	5.0	$0-$5k	Not Defined	Not Defined	2.04-	CVE-2022-41676
08:13 AM	approved	100%	Realtek RTL8168FP-CG Dash Remote Management authorization	4.3	$0-$5k	Not Defined	Not Defined	1.86-	CVE-2022-32966
08:12 AM	approved	100%	Realtek RTL8111EP-CG/RTL8111FP-CG dash hard-coded password	2.4	$0-$5k	Not Defined	Not Defined	1.86-	CVE-2022-32967
07:55 AM	approved	100%	XBlock Drag and Drop Image cross site scripting	3.5	$0-$5k	Not Defined	Official Fix	1.38-	CVE-2022-46147
07:54 AM	approved	100%	Ourphoto App acceptBind improper authentication	6.3	$0-$5k	Not Defined	Not Defined	1.49-	CVE-2022-24190
07:53 AM	approved	100%	Ourphoto App API improper authorization	5.5	$0-$5k	Not Defined	Not Defined	1.43-	CVE-2022-24189
07:52 AM	approved	100%	Squirrly SEO Plugin unrestricted upload	7.6	$0-$5k	Not Defined	Not Defined	1.67-	CVE-2022-38140
07:52 AM	approved	100%	Ourphoto App signin missing encryption	3.5	$0-$5k	Not Defined	Not Defined	1.35-	CVE-2022-24188
07:51 AM	approved	100%	Ourphoto App resource injection	3.5	$0-$5k	Not Defined	Not Defined	1.28-	CVE-2022-24187
07:50 AM	approved	100%	Russound XSourcePlayer 777D scriptRunner.cgi Privilege Escalation	6.3	$0-$5k	Proof-of-Concept	Not Defined	1.58-	CVE-2022-44038
07:50 AM	approved	100%	Chocolatey Azure-Pipelines-Agent Package agent permission	5.5	$0-$5k	Not Defined	Not Defined	1.29-	CVE-2022-45306
07:47 AM	approved	100%	Chocolatey Cmder Package permission	5.5	$0-$5k	Not Defined	Not Defined	1.38-	CVE-2022-45304
07:46 AM	approved	100%	APsystems Energy Communication Unit access control	6.3	$0-$5k	Proof-of-Concept	Not Defined	1.74-	CVE-2022-44037
07:45 AM	approved	100%	Telos Alliance Omnia MPX Node resource injection	5.5	$0-$5k	Proof-of-Concept	Not Defined	1.52-	CVE-2022-43326
07:45 AM	approved	100%	FusionAuth HTTP Request access control	3.5	$0-$5k	Not Defined	Official Fix	1.23-	CVE-2022-45921
07:43 AM	approved	100%	Opencast Paella Authentication Page redirect	5.5	$0-$5k	Not Defined	Official Fix	1.35-	CVE-2022-41965
07:43 AM	approved	100%	Sanitization Management System Login.php cross site scripting	3.5	$0-$5k	Not Defined	Not Defined	1.26-	CVE-2022-45214
07:42 AM	approved	100%	PuneethReddyHC online-shopping-system-advanced product.php sql injection	5.5	$0-$5k	Not Defined	Not Defined	1.35-	CVE-2022-42109
07:42 AM	approved	100%	Web-Based Student Clearance System add-admin.php cross site scripting	3.5	$0-$5k	Not Defined	Not Defined	1.29-	CVE-2022-45224
07:39 AM	approved	100%	Web-Based Student Clearance System add-student.php cross site scripting	3.5	$0-$5k	Not Defined	Not Defined	1.40-	CVE-2022-45223
07:38 AM	approved	100%	Web-Based Student Clearance System changepassword.php cross site scripting	3.5	$0-$5k	Not Defined	Not Defined	1.34-	CVE-2022-45221
07:38 AM	approved	100%	Linux Kernel L2TP l2tp_core.c sk_user_data null pointer dereference	6.5	$5k-$25k	Not Defined	Official Fix	1.41-	CVE-2022-4129
07:36 AM	approved	100%	Chocolatey Package Python311 permission	6.3	$0-$5k	Not Defined	Not Defined	1.95-	CVE-2022-45305
07:36 AM	approved	100%	Chocolatey Gem ruby31 permission	6.3	$0-$5k	Not Defined	Not Defined	1.73-	CVE-2022-45301
07:35 AM	approved	100%	Linux Kernel MPTCP Protocol null pointer dereference	6.5	$5k-$25k	Not Defined	Official Fix	1.26-	CVE-2022-4128
07:35 AM	approved	100%	Linux Kernel io_files_update_with_index_alloc null pointer dereference	6.5	$5k-$25k	Not Defined	Official Fix	1.22-	CVE-2022-4127
07:34 AM	approved	100%	Sinatra Header code download	6.5	$0-$5k	Not Defined	Official Fix	1.17-	CVE-2022-45442
07:32 AM	approved	100%	Chocolatey PHP Package php81 permission	6.3	$0-$5k	Not Defined	Not Defined	2.19-	CVE-2022-45307
07:32 AM	approved	100%	Raiden MAILD Mail Server Website csv injection	7.1	$0-$5k	Not Defined	Not Defined	1.26-	CVE-2022-41675

◂ Previous OverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!