Ukraine fears 'massive' Russian cyberattacks on power, infrastructure
Russia plans to conduct "Massive cyberattacks" on Ukraine and its allies' critical...
New Erbium password-stealing malware spreads as game cracks, cheats
The new 'Erbium' information-stealing malware is being distributed as fake cracks and...
Hackers use PowerPoint files for 'mouseover' malware delivery
Hackers believed to work for Russia have started using a new code execution technique that...
NVIDIA GeForce Experience beta fixes Windows 11 22H2 gaming issues
NVIDIA has acknowledged performance issues affecting systems with NVIDIA GPUs after installing...
SQL Server admins warned about Fargo ransomware
Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with...
Adware on Google Play and Apple Store installed 13 million times
Security researchers have discovered 75 applications on Google Play and another ten on...
Ukraine warns allies of Russian plans to escalate cyberattacks
The Ukrainian military intelligence service warned today that Russia is planning to escalate...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1187 | ||
| Microsoft | 856 | |
| Fedoraproject | 780 | |
| Debian | 613 | |
| Adobe | 494 |
Latest Vulnerabilities
-
CVE-2022-36728 - SQL Injection vulnerability in Library Management System Project Library Management System 1.0
7.5Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.
-
CVE-2021-30071 - Cross-site Scripting vulnerability in Hestiacp
4.3A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
-
CVE-2022-27255 - Improper Input Validation vulnerability in Realtek Ecos Msdk Firmware and Ecos Rsdk Firmware
7.5In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without...
-
CVE-2022-36880 - Cross-site Scripting vulnerability in Webmin Usermin
4.3The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
-
CVE-2022-31208 - Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
9.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.
Latest Critical Vulnerabilities
-
CVE-2022-31208 - Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
9.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.
-
CVE-2022-31209 - Classic Buffer Overflow vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
10.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
-
CVE-2022-31211 - Weak Password Requirements vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957
10.0An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
-
CVE-2022-20216 - Unspecified vulnerability in Google Android
10.0android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android...
-
CVE-2022-20222 - Out-of-bounds Write vulnerability in Google Android 12.0/12.1
10.0In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed....
-
CVE-2022-20229 - Out-of-bounds Write vulnerability in Google Android
10.0In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional...
-
CVE-2022-20238 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
10.0'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the...
-
CVE-2022-1025 - Incorrect Authorization vulnerability in Linuxfoundation Argo-Cd
9.0All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.