👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD-2022-10270
Github: https://github.com/yilin1203/CNVD-2022-10270

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36537
Github: https://github.com/OneByt3/CVE-2022-36537
Describe:
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD
Github: https://github.com/AA3rch1ru/CNVD

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43096
Github: https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30525
Github: https://github.com/trhacknon/CVE-2022-30525-Reverse-Shell
Describe:
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31691
Github: https://github.com/SpindleSec/CVE-2022-31691
Describe:
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.

** xray ** 🔧Tool update
Tools name：xray
Tools url：https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log：
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0441
Github: https://github.com/SDragon1205/cve-2022-0441
Describe:
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40127
Github: https://github.com/Mr-xn/CVE-2022-40127
Describe:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.

** fscan ** 🔧Tool update
Tools name：fscan
Tools url：https://github.com/shadow1ng/fscan/commit/ae86f08432fce6a4941e245c0373f13e8a2e5f71
commitUpdate log：
Merge remote-tracking branch 'origin/main'

# Conflicts:
# Plugins/webtitle.go
# WebScan/WebScan.go
# WebScan/pocs/Hotel-Internet-Manage-RCE.yml

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3992
Github: https://github.com/Urban4/CVE-2022-3992
Describe:
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3546
Github: https://github.com/thehackingverse/CVE-2022-3546
Describe:
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-44830
Github: https://github.com/RashidKhanPathan/CVE-2022-44830
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43117
Github: https://github.com/RashidKhanPathan/CVE-2022-43117
Describe:
**

** fscan ** 🔧Tool update
Tools name：fscan
Tools url：https://github.com/shadow1ng/fscan/releases/tag/1.8.2
Update log：
加入hash碰撞、wmiiexec无回显命令执行

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41923
Github: https://github.com/grails/GSSC-CVE-2022-41923
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-45472
Github: https://github.com/nicbrinkley/CVE-2022-45472
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-44789
Github: https://github.com/alalng/CVE-2022-44789
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39425
Github: https://github.com/bob11vrdp/CVE-2022-39425
Describe:
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32060
Github: https://github.com/bypazs/CVE-2022-32060
Describe:
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.