Recent 05/24/2022

Timeline

Analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and of vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues can be initiated.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Product                                  Count
Home Clean Services Management System    4
SiteServer CMS                           3
Inout Blockchain AltExchanger            3
Badminton Center Management System       2
Zyxel USG                                2

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in heterogeneous landscapes.

Remediation

Remediation      Count
Official Fix     11
Temporary Fix    0
Workaround       1
Unavailable      0
Not Defined      33

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and each influences risk differently.

Exploitability

Exploitability      Count
High                0
Functional          0
Proof-of-Concept    6
Unproven            0
Not Defined         39

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

Base Score    Count
≤1            0
≤2            0
≤3            2
≤4            8
≤5            8
≤6            10
≤7            11
≤8            4
≤9            1
≤10           1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

Temp Score    Count
≤1            0
≤2            0
≤3            3
≤4            7
≤5            8
≤6            11
≤7            11
≤8            3
≤9            1
≤10           1

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

0-day Price    Count
<1k            12
<2k            19
<5k            8
<10k           3
<25k           2
<50k           1
<100k          0
≥100k          0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we observe on exploit markets.

Exploit Today

Today Price    Count
<1k            27
<2k            12
<5k            1
<10k           4
<25k           1
<50k           0
<100k          0
≥100k          0

The 0-day prices do not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, the existence of alternative exploits, or the availability of countermeasures. These dynamic aspects can decrease exploit prices over time; under certain circumstances this happens very fast.

Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | EPSS | CVE
17:59 | 3.5 | 3.4 | SiteServer CMS cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00890 | CVE-2021-42656
17:58 | 6.3 | 6.3 | SiteServer CMS sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00890 | CVE-2021-42655
17:56 | 5.5 | 5.3 | SiteServer CMS unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02509 | CVE-2021-42654
17:54 | 7.2 | 7.1 | erudika para behavioral workflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-1848
17:54 | 4.3 | 4.2 | Tenda AC9 httpd buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2021-42659
17:53 | 3.5 | 3.4 | Badminton Center Management System cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-30456
17:53 | 6.3 | 6.1 | Badminton Center Management System sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-30455
17:53 | 6.3 | 6.1 | Merchandise Online Store sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-30454
13:22 | 7.8 | 7.8 | Zyxel USG/ZyWALL packet-trace argument injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.00890 | CVE-2022-26532
13:21 | 5.7 | 5.7 | Zyxel USG/ZyWALL buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00890 | CVE-2022-26531
07:40 | 3.5 | 3.5 | WonderCMS Simple Blog Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00890 | CVE-2021-42233
07:40 | 4.3 | 4.3 | XXL-Job add cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-29002
07:39 | 4.3 | 4.2 | Lumidek Simple Food Website cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00954 | CVE-2022-30014
07:39 | 5.0 | 5.0 | ZyXEL USG/ZyWALL CGI Program cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-0734
07:38 | 3.5 | 3.5 | SourceCodester Rescue Dispatch Management System cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-30017
07:38 | 5.5 | 5.5 | SourceCodester Rescue Dispatch Management System access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-30016
07:37 | 5.5 | 5.3 | Mastodon Email user.rb access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-31263
07:36 | 5.4 | 5.4 | ZyXEL USG/ZyWALL Two-Factor Authentication improper authentication | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-0910
07:36 | 6.3 | 6.1 | Dev-CPP devcpp.exe permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01086 | CVE-2022-28999
07:35 | 5.5 | 5.5 | mysiteforme server-side request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2022-29309
07:32 | 4.6 | 4.4 | imgurl localhost sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00885 | CVE-2022-29305
07:30 | 5.7 | 5.7 | TOTOLINK A3600R infostat.cgi fread stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-29377
07:29 | 6.8 | 6.8 | AVEVA InTouch Access Anywhere Language Bar exposure of resource | $0-$5k | $0-$5k | Not Defined | Workaround | 0.04 | 0.00885 | CVE-2022-1467
07:25 | 7.1 | 6.9 | Quick Heal Total Security Installation uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01036 | CVE-2022-31467
07:25 | 6.4 | 6.3 | Quick Heal Total Security toctou | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2022-31466
07:24 | 7.7 | 7.5 | publify unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2022-1811
07:24 | 6.0 | 5.9 | Tipask Attachment information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00890 | CVE-2021-41714
07:23 | 4.9 | 4.7 | Claroty Secure Remote Access Site Command Line Interface authentication bypass | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-32958
07:20 | 8.8 | 8.4 | Cognex In-Sight OPC Server deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01055 | CVE-2021-32935
07:19 | 6.3 | 6.1 | Xampp Installation default permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01086 | CVE-2022-29376
07:18 | 5.5 | 5.3 | D-Link DSL-G2452DG permission | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.01018 | CVE-2022-28932
07:08 | 3.1 | 3.0 | EMCO Products Installation code download | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.37924 | CVE-2022-28944
07:00 | 9.6 | 9.4 | Annke N48PBB stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01156 | CVE-2021-32941
06:59 | 3.5 | 3.4 | SourceCodester Simple Food Website all_users.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-30015
06:57 | 3.5 | 3.4 | Online Birth Certificate System profile.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00954 | CVE-2022-29005
06:56 | 6.9 | 6.8 | Cisco IOS XR Health Check access control | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2022-20821
06:53 | 5.5 | 5.3 | Inout Blockchain AltExchanger about sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-31489
06:53 | 6.3 | 6.1 | Inout Blockchain AltExchanger update_marketboxslider sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-31488
06:46 | 6.3 | 6.1 | Inout Blockchain AltExchanger master.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-31487
06:44 | 3.5 | 3.4 | Diary Management System search-result.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00954 | CVE-2022-29004
06:35 | 2.4 | 2.3 | Student Information System Student Roll Module cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00885 | CVE-2022-1819
06:34 | 2.4 | 2.3 | Home Clean Services Management System cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00885 | CVE-2022-1840
06:32 | 6.3 | 6.0 | Home Clean Services Management System login.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00885 | CVE-2022-1839
06:30 | 4.7 | 4.5 | Home Clean Services Management System login.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00885 | CVE-2022-1838
06:28 | 4.7 | 4.5 | Home Clean Services Management System unrestricted upload | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.01440 | CVE-2022-1837
