Security Vulnerabilities - CVEs Published In April 2022
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
CVSS Score
9.8
EPSS Score
0.943
Published
2022-04-27
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-04-27
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
CVSS Score
9.1
EPSS Score
0.915
Published
2022-04-27
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.043
Published
2022-04-27
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.043
Published
2022-04-27
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
CVSS Score
8.8
EPSS Score
0.23
Published
2022-04-27
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.
CVSS Score
9.8
EPSS Score
0.087
Published
2022-04-27
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
CVSS Score
6.3
EPSS Score
0.003
Published
2022-04-27
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like <script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory.
CVSS Score
3.5
EPSS Score
0.002
Published
2022-04-27
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-27