Vulnerabilities

Zyxel devices ping certificate upload command execution |

February 19, 2022

NAME Zyxel devices ping certificate upload command execution Platforms Affected:Zyxel VMG3312 B10B Zyxel VMG1312-B10D Zyxel AMG1302-T11C Zyxel VMG3925-B10C Zyxel VMG8924-B10D...

Prism.js Prism cross-site scripting | CVE-2022-23647

February 19, 2022

NAME Prism.js Prism cross-site scripting Platforms Affected:Prism.js Prism 1.14.0 Prism.js Prism 1.26.0Risk Level:7.5Exploitability:FunctionalConsequences:Cross-Site Scripting DESCRIPTION Prism.js Prism is vulnerable to...

Hancom Office buffer overflow | CVE-2021-21958

February 19, 2022

NAME Hancom Office buffer overflow Platforms Affected:Hancom Hancom Office 2020 11.0.0.2353Risk Level:7.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION Hancom Office is vulnerable...

Zyxel devices /cgi-bin/DAL?oid=login_privilege /cgi-bin/DAL?oid=mgmt_srv security bypass |

February 19, 2022

NAME Zyxel devices /cgi-bin/DAL?oid=login_privilege /cgi-bin/DAL?oid=mgmt_srv security bypass Platforms Affected:Zyxel VMG3312 B10B Zyxel VMG1312-B10D Zyxel WSQ20 Zyxel WSQ50 Zyxel AMG1302-T11C Zyxel...

Linux Kernel privilege escalation |

February 19, 2022

NAME Linux Kernel privilege escalation Platforms Affected:Linux Kernel 5.14 Linux Kernel 5.15 Linux Kernel 5.16Risk Level:8.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION Linux Kernel...

VMware ESXi, Workstation and Fusion code execution | CVE-2021-22041

February 19, 2022

NAME VMware ESXi, Workstation and Fusion code execution Platforms Affected:VMware ESXi 6.5 VMware ESXi 6.7 VMware ESXi 7.0 VMware Cloud...

TIBCO BusinessConnect Container Edition information disclosure | CVE-2021-43050

February 19, 2022

NAME TIBCO BusinessConnect Container Edition information disclosure Platforms Affected:TIBCO BusinessConnect Container Edition 1.1.0Risk Level:9.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION TIBCO BusinessConnect Container Edition...

Zyxel devices libclinkc.so Export_Log zhttpd buffer overflow |

February 19, 2022

NAME Zyxel devices libclinkc.so Export_Log zhttpd buffer overflow Platforms Affected:Zyxel VMG3312 B10B Zyxel VMG1312-B10D Zyxel AMG1302-T11C Zyxel VMG3925-B10C Zyxel VMG8924-B10D...

Zepl Notebook security bypass | CVE-2021-42952

February 19, 2022

NAME Zepl Notebook security bypass Platforms Affected:Zepl NotebookRisk Level:8.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Zepl Notebook could allow a remote authenticated attacker to...

JQueryForm.com file upload | CVE-2022-24984

February 19, 2022

NAME JQueryForm.com file upload Platforms Affected:JQueryForm.com JQueryForm.com 3.2.26Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION JQueryForm.com could allow a remote authenticated attacker to upload...

Algorithmia MSOL code execution | CVE-2021-42951

February 19, 2022

NAME Algorithmia MSOL code execution Platforms Affected:Algorithmia MSOLRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Algorithmia MSOL could allow a remote authenticated attacker to...

JQueryForm.com file upload | CVE-2022-24983

February 19, 2022

JQueryForm.com security bypass | CVE-2022-24985

February 19, 2022

NAME JQueryForm.com security bypass Platforms Affected:JQueryForm.com JQueryForm.com 3.2.26Risk Level:8.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION JQueryForm.com could allow a remote authenticated attacker to bypass...

Vicidial AST_IVRstats.php AST_LISTS_pass_report.php AST_usergroup_login_report.php admin_lists_custom.php |

February 19, 2022

NAME Vicidial AST_IVRstats.php AST_LISTS_pass_report.php AST_usergroup_login_report.php admin_lists_custom.php Platforms Affected:Vicidial Vicidial 2.14-783aRisk Level:7.3Exploitability:HighConsequences:Data Manipulation DESCRIPTION Vicidial is vulnerable to SQL injection. A...

Telegram for Android flag emojis denial of service |

February 19, 2022

NAME Telegram for Android flag emojis denial of service Platforms Affected:Telegram Telegram for Android 8.4.4Risk Level:7.8Exploitability:Proof of ConceptConsequences:Denial of Service...

VMware ESXi, Workstation and Fusion code execution | CVE-2021-22040

February 19, 2022

NAME VMware ESXi, Workstation and Fusion code execution Platforms Affected:VMware ESXi 6.5 VMware ESXi 6.7 VMware ESXi 7.0 VMware Cloud...

Cesanta Mongoose security bypass | CVE-2022-25299

February 19, 2022

NAME Cesanta Mongoose security bypass Platforms Affected:Cesanta Mongoose 7.5Risk Level:9.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Cesanta Mongoose could allow a remote attacker to...

Zepl Notebook code execution | CVE-2021-42950

February 19, 2022

NAME Zepl Notebook code execution Platforms Affected:Zepl NotebookRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Zepl Notebook could allow a remote authenticated attacker to...

Vicidial cross-site scripting | CVE-2021-46557

February 17, 2022

NAME Vicidial cross-site scripting Platforms Affected:Vicidial Vicidial 2.14-783aRisk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Vicidial is vulnerable to multiple cross-site scripting, caused by...

Jenkins Pipeline: Shared Groovy Libraries Plugin code execution | CVE-2022-25182

February 17, 2022

NAME Jenkins Pipeline: Shared Groovy Libraries Plugin code execution Platforms Affected:Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION...

Jenkins Team Views Plugin cross-site scripting | CVE-2022-25203

February 17, 2022

NAME Jenkins Team Views Plugin cross-site scripting Platforms Affected:Jenkins Team Views Plugin 0.9.0Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Jenkins Team Views Plugin...

crossbeam-utils code execution | CVE-2022-23639

February 17, 2022

NAME crossbeam-utils code execution Platforms Affected:crossbeam-utils crossbeam-utils 0.8.6Risk Level:9.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION crossbeam-utils could allow a remote attacker to execute arbitrary...

Flatpress cross-site scripting | CVE-2022-24588

February 17, 2022

NAME Flatpress cross-site scripting Platforms Affected:Flatpress Flatpress 1.2.1Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Flatpress is vulnerable to multiple cross-site scripting, caused by...

Jenkins Generic Webhook Trigger Plugin cross-site scripting | CVE-2022-25185

February 17, 2022

NAME Jenkins Generic Webhook Trigger Plugin cross-site scripting Platforms Affected:Jenkins Generic Webhook Trigger Plugin 1.81Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Jenkins Generic...

Vulnerabilities

Zyxel devices ping certificate upload command execution |

Prism.js Prism cross-site scripting | CVE-2022-23647

Hancom Office buffer overflow | CVE-2021-21958

Zyxel devices /cgi-bin/DAL?oid=login_privilege /cgi-bin/DAL?oid=mgmt_srv security bypass |

Linux Kernel privilege escalation |

VMware ESXi, Workstation and Fusion code execution | CVE-2021-22041

TIBCO BusinessConnect Container Edition information disclosure | CVE-2021-43050

Zyxel devices libclinkc.so Export_Log zhttpd buffer overflow |

Zepl Notebook security bypass | CVE-2021-42952

JQueryForm.com file upload | CVE-2022-24984

Algorithmia MSOL code execution | CVE-2021-42951

JQueryForm.com file upload | CVE-2022-24983

JQueryForm.com security bypass | CVE-2022-24985

Vicidial AST_IVRstats.php AST_LISTS_pass_report.php AST_usergroup_login_report.php admin_lists_custom.php |

Telegram for Android flag emojis denial of service |

VMware ESXi, Workstation and Fusion code execution | CVE-2021-22040

Cesanta Mongoose security bypass | CVE-2022-25299

Zepl Notebook code execution | CVE-2021-42950

Vicidial cross-site scripting | CVE-2021-46557

Jenkins Pipeline: Shared Groovy Libraries Plugin code execution | CVE-2022-25182

Jenkins Team Views Plugin cross-site scripting | CVE-2022-25203

crossbeam-utils code execution | CVE-2022-23639

Flatpress cross-site scripting | CVE-2022-24588

Jenkins Generic Webhook Trigger Plugin cross-site scripting | CVE-2022-25185

CISA: CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Releases Nine Industrial Control Systems Advisories

CISA: CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

You may have missed