CVE

Hikvision security notification-CVE-2021-36260

April 23, 2022

NAME Hikvision - Multiple Platforms Affected:MultipleRisk Level:highCVE Type:Command Injection DESCRIPTION CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products....

Microsoft security update-CVE-2022-21999

April 23, 2022

NAME Microsoft - Windows Platforms Affected:WindowsRisk Level:highCVE Type:Privilege escalation DESCRIPTION CVE-2022-21999 is a privilege escalation vulnerability impacting multiple products and...

Elastic Kibana disclosure | CVE-2022-23711

April 23, 2022

NAME Elastic Kibana disclosure Platforms Affected:Elastic Kibana 7.8.0 Elastic Kibana 8.0.0 Elastic Kibana 7.17.2 Elastic Kibana 8.1.2Risk Level:8.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION...

Delta ASDA-Soft code execution | CVE-2022-1402

April 23, 2022

NAME Delta ASDA-Soft code execution Platforms Affected:Delta Electronics ASDA-Soft 5.4.1.0Risk Level:7.8Exploitability:HighConsequences:Gain Access DESCRIPTION Delta ASDA-Soft could allow a remote attacker...

Apache Log4j hotpatch package privilege escalation | CVE-2021-3100

April 23, 2022

NAME Apache Log4j hotpatch package privilege escalation Platforms Affected:Apache Log4j hotpatch packageRisk Level:8.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION Apache Log4j hotpatch package could...

Hammock AssetView weak security | CVE-2022-28719

April 23, 2022

NAME Hammock AssetView weak security Platforms Affected:Hammock AssetView 9.2.0 Hammock AssetView 7.0.0 Hammock AssetView 9.2.3Risk Level:9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Hammock AssetView...

Delta ASDA-Soft code execution | CVE-2022-1403

April 23, 2022

NAME Delta ASDA-Soft code execution Platforms Affected:Delta Electronics ASDA-Soft 5.4.1.0Risk Level:8.8Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION Delta ASDA-Soft could allow a...

Moodle security update-CVE-2020-14321

April 22, 2022

NAME Moodle - Moodle Platforms Affected:MoodleRisk Level:highCVE Type:Privilege escalation DESCRIPTION CVE-2020-14321 is a privilege escalation vulnerability impacting multiple versions of...

OMI versions 1.6.8-1-CVE-2021-38647

April 22, 2022

NAME Open Management Infrastructure - Open Management Infrastructure Platforms Affected:Open Management InfrastructureRisk Level:highCVE Type:RCE DESCRIPTION CVE-2021-38647 is a remote code...

Databasir code execution | CVE-2022-24861

April 22, 2022

NAME Databasir code execution Platforms Affected:Databasir Databasir 1.0.1Risk Level:9.9Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Databasir could allow a remote authenticated attacker to execute...

7-ZIP hhctrl.ocx code execution |

April 22, 2022

NAME 7-ZIP hhctrl.ocx code execution Platforms Affected:7-Zip 7-Zip 16Risk Level:8.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION 7-ZIP could allow a local attacker to execute...

XPLATFORM code execution | CVE-2021-26626

April 22, 2022

NAME XPLATFORM code execution Platforms Affected:Tobesoft XPLATFORM 9.2 Tobesoft XPLATFORM 9.2.1 Tobesoft XPLATFORM 9.2.2 Tobesoft XPlatform 9.1 TOBESOFT XPLATFORM 9.2.2.250...

libinput code execution | CVE-2022-1215

April 22, 2022

NAME libinput code execution Platforms Affected:libinput libinput 1.10Risk Level:8.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION libinput could allow a local authenticated attacker to execute...

Kyocera d-COLOR MF3555 cross-site scripting | CVE-2022-25344

April 22, 2022

NAME Kyocera d-COLOR MF3555 cross-site scripting Platforms Affected:Kyocera d-COLOR MF3555 2XD_S000.002.271Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Kyocera d-COLOR MF3555 is vulnerable to...

wire-webapp cross-site scripting | CVE-2022-24799

April 22, 2022

NAME wire-webapp cross-site scripting Platforms Affected:wire-webapp wire-webappRisk Level:9.6Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION wire-webapp is vulnerable to cross-site scripting, caused by improper validation...

Shopware security bypass | CVE-2022-24872

April 22, 2022

NAME Shopware security bypass Platforms Affected:Shopware Shopware 6.3.4.0Risk Level:8.1Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Shopware could allow a remote authenticated attacker to bypass...

USR IOT 4G LTE Industrial Cellular VPN Router default account |

April 22, 2022

NAME USR IOT 4G LTE Industrial Cellular VPN Router default account Platforms Affected:USR IOT Technology 4G LTE Industrial Cellular VPN...

Nexacro security bypass | CVE-2021-26625

April 22, 2022

NAME Nexacro security bypass Platforms Affected:Tobesoft NEXACRO17 17.1.3.301 Tobesoft Nexacro 17.1.2.500Risk Level:8.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Nexacro could allow a remote attacker...

Oracle Helidon unspecified | CVE-2022-21404

April 21, 2022

NAME Oracle Helidon unspecified Platforms Affected:Oracle Helidon 1.4.10 Oracle Helidon 2.0.0-RC1Risk Level:8.1Exploitability:UnprovenConsequences:Other DESCRIPTION An unspecified vulnerability in Oracle Helidon related...

Amazon Linux log4j-cve-2021-44228-hotpatch package privilege escalation | CVE-2022-0070

April 21, 2022

NAME Amazon Linux log4j-cve-2021-44228-hotpatch package privilege escalation Platforms Affected:Amazon Amazon Linux 1 Amazon Amazon Linux 2Risk Level:8.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION Amazon...

Elcomplus SmartPPT SCADA security bypass | CVE-2021-43939

April 21, 2022

NAME Elcomplus SmartPPT SCADA security bypass Platforms Affected:Elcomplus SmartPPT SCADA 1.1Risk Level:8.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Elcomplus SmartPPT SCADA could allow a...

Oracle Solaris unspecified | CVE-2022-21446

April 21, 2022

NAME Oracle Solaris unspecified Platforms Affected:Oracle Solaris 11Risk Level:8.2Exploitability:UnprovenConsequences:Other DESCRIPTION An unspecified vulnerability in Oracle Solaris related to the Utility...

Oracle Communications Billing and Revenue Management unspecified | CVE-2022-21430

April 21, 2022

NAME Oracle Communications Billing and Revenue Management unspecified Platforms Affected:Oracle Communications Billing and Revenue Management 12.0.0.4 Oracle Communications Billing and...

Tp-Link TL-WR840N (EU) buffer overflow | CVE-2021-46122

April 21, 2022

NAME Tp-Link TL-WR840N (EU) buffer overflow Platforms Affected:Tp-Link TL-WR840N (EU) 6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n)Risk Level:9.8Exploitability:UnprovenConsequences:Denial of...

CVE

Hikvision security notification-CVE-2021-36260

Microsoft security update-CVE-2022-21999

Elastic Kibana disclosure | CVE-2022-23711

Delta ASDA-Soft code execution | CVE-2022-1402

Apache Log4j hotpatch package privilege escalation | CVE-2021-3100

Hammock AssetView weak security | CVE-2022-28719

Delta ASDA-Soft code execution | CVE-2022-1403

Moodle security update-CVE-2020-14321

OMI versions 1.6.8-1-CVE-2021-38647

Databasir code execution | CVE-2022-24861

7-ZIP hhctrl.ocx code execution |

XPLATFORM code execution | CVE-2021-26626

libinput code execution | CVE-2022-1215

Kyocera d-COLOR MF3555 cross-site scripting | CVE-2022-25344

wire-webapp cross-site scripting | CVE-2022-24799

Shopware security bypass | CVE-2022-24872

USR IOT 4G LTE Industrial Cellular VPN Router default account |

Nexacro security bypass | CVE-2021-26625

Oracle Helidon unspecified | CVE-2022-21404

Amazon Linux log4j-cve-2021-44228-hotpatch package privilege escalation | CVE-2022-0070

Elcomplus SmartPPT SCADA security bypass | CVE-2021-43939

Oracle Solaris unspecified | CVE-2022-21446

Oracle Communications Billing and Revenue Management unspecified | CVE-2022-21430

Tp-Link TL-WR840N (EU) buffer overflow | CVE-2021-46122

Cobalt Strike Beacon Detected – 196[.]251[.]84[.]126:7777

Cobalt Strike Beacon Detected – 45[.]66[.]157[.]21:2083

Cobalt Strike Beacon Detected – 43[.]160[.]193[.]143:443

Cobalt Strike Beacon Detected – 38[.]45[.]120[.]236:81

Cobalt Strike Beacon Detected – 47[.]105[.]109[.]241:82

You may have missed