Security Vulnerabilities - CVEs Published In February 2022
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS Score: 6.1 | EPSS Score: 0.033 | Published: 2022-02-15
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2022-02-15
kkFileview v4.0.0 allows arbitrary file read through a directory traversal vulnerability, which may lead to the leak of sensitive files on the affected host.
CVSS Score: 7.5 | EPSS Score: 0.68 | Published: 2022-02-15
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-02-15
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2022-02-15
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-02-15
CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
CVSS Score: 8.8 | EPSS Score: 0.013 | Published: 2022-02-15
Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-02-15
CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-02-15
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-02-15

