Skip to main content
CVE-2022-25094 HIGH POC THREAT This Week

Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Home Owners Collection Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
23.3%
CVE-2022-26149 HIGH POC This Week

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Revolution
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
9.3%
CVE-2022-24986 HIGH This Week

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Race Condition Kcron
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23308 HIGH PATCH This Week

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Libxml2 Fedora +33
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy