| # | Title | Tags | Vendor | Author(s) | Category | Published | Added |
|---|---|---|---|---|---|---|---|
| 936 | CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection | RCE, Code injection, Security code review | Sophos | Guy Lederfein (@glederfein) | Bug Bounty | 2022-10-19 | 2023-06-13 |
| 929 | Potential Remote Code Execution Vulnerability Discovered In HSQLDB | RCE, Security code review | HSQL Development Group (HSQLDB) | Code Intelligence (@CI_Fuzz) | Bug Bounty | 2022-10-19 | 2023-06-13 |
| 910 | Eat What You Kill :: Pre-authenticated Remote Code Execution in VMWare NSX Manager | RCE, Insecure deserialization, Security code review | VMware | Sina Kheirkhah (@SinSinology) | Bug Bounty | 2022-10-25 | 2023-06-13 |
| 887 | Exploiting Static Site Generators: When Static Is Not Actually Static | SSRF, XSS, Security code review | Netlify, Gatsby | Shubham Shah (@infosec_au) | Bug Bounty | 2022-10-28 | 2023-06-13 |
| 832 | SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution | SQL injection, RCE, Security code review | Cisco | - | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 831 | SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege | Hardcoded credentials, Security code review, JWT, Privilege escalation | Cisco | - | Bug Bounty | 2022-11-14 | 2023-06-13 |
| 828 | Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3) | RCE, Code injection, SSRF, Line Feed injection, Arbitrary file read, Authentication bypass, Security code review | Checkmk | Stefan Schiller (@scryh_) | Bug Bounty | 2022-11-15 | 2023-06-13 |
| 784 | From Zero to Hero Part 1: Bypassing Intel DCM's Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) | Authentication bypass, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 783 | Multiple vulnerabilities in H2O ≤ 3.32.1.3 | Insecure deserialization, RCE, Arbitrary file read, Security code review | H2O | Clément Amic | Bug Bounty | 2022-11-23 | 2023-06-13 |
| 777 | Exploiting an N-day vBulletin PHP Object Injection Vulnerability | PHP Object Injection, Security code review | vBulletin | Egidio Romano / EgiX | Bug Bounty | 2022-11-26 | 2023-06-13 |
| 760 | discord.exe – Improper Input Validation | Security code review, Local Privilege Escalation, Phishing | Discord | RiotSecTeam (@RiotSecTeam) | Bug Bounty | 2022-11-28 | 2023-06-13 |
| 759 | Cross-Site Scripting in CodeIgniter version 3.1.13 | Reflected XSS, Security code review | CodeIgniter | Antoine Cervoise | Bug Bounty | 2022-11-29 | 2023-06-13 |
| 755 | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0 | Unrestricted file upload, Security code review, RCE | Rocket Software | Mehdi Elyassa | Bug Bounty | 2022-11-30 | 2023-06-13 |
| 748 | Bypassing The Client Side Encryption To Read Internal Windows Server Files | Client-side encryption bypass, LFI, Security code review | NA | Abhishek Morla (@abhishekmorla) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 746 | From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225) | SQL injection, Kerberos, RCE, Privilege escalation, Security code review | Intel | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2022-12-01 | 2023-06-13 |
| 740 | Pre-Auth RCE with CodeQL in Under 20 Minutes | Security code review, RCE, Command injection, Authorization flaw | pgAdmin | Florian Hauser (@frycos) | Bug Bounty | 2022-12-02 | 2023-06-13 |
| 724 | The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022 | Command injection, RCE, Security code review | Netgear | Vu Thi Lan (@lanleft_) | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 723 | Cool Vulns Don't Live Long - Netgear And Pwn2Own | Code injection, RCE, Security code review | Netgear | Kevin Denis | Bug Bounty | 2022-12-06 | 2023-06-13 |
| 689 | FlowscreenComponents Basepack, Version 3.0.7 Advisory | XSS, Security code review | UnofficialSF | Matthew Rutledge | Bug Bounty | 2022-12-15 | 2023-06-13 |
| 685 | CVE-2022-42710: A journey through XXE to Stored-XSS | Stored XSS, XXE, Security code review | Linear | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-16 | 2023-06-13 |
| 668 | Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951) | SSRF, Security code review | Cisco | smaury (@smaury92) | Bug Bounty | 2022-12-21 | 2023-06-13 |
| 660 | Puckungfu: A NETGEAR WAN Command Injection | OS command injection, Security code review | Netgear | McCaulay Hudson (@_mccaulay) | Bug Bounty | 2022-12-22 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 620 | Cacti: Unauthenticated Remote Code Execution | RCE, Authentication bypass, OS command injection, Security code review | Cacti | Stefan Schiller (@scryh_) | Bug Bounty | 2023-01-03 | 2023-06-13 |
| 616 | PandoraFMS - Pre-Auth Remote Code Execution | RCE, Path traversal, Arbitrary file upload, LFI, Security code review | PandoraFMS | esj4y (@esj4y) | Bug Bounty | 2023-01-06 | 2023-06-13 |