Skip to main content
CVE-2022-25023 HIGH POC This Week

Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Audio File
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-0411 HIGH POC This Week

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Asgaros Forum
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-25412 HIGH POC This Week

Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Maxsite Cms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-26181 HIGH POC This Week

Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lepton
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-23906 HIGH POC This Week

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2022-23911 HIGH POC This Week

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ap Custom Testimonial
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-0383 HIGH POC This Week

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Review Slider
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-24712 HIGH PATCH This Week

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Codeigniter
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-24685 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Nomad
NVD
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy