Skip to main content
CVE-2022-24720 CRITICAL POC PATCH Act Now

image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Image Processing Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-24254 HIGH POC This Week

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24252 HIGH POC This Week

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-25018 HIGH POC This Week

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Pluxml
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-24255 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-24251 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-24253 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-23380 HIGH POC This Week

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-43619 HIGH POC PATCH This Week

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Trusted Firmware M
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23387 HIGH POC This Week

An issue was discovered in taocms 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-23377 HIGH POC This Week

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Archeevo
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-0777 HIGH POC PATCH This Week

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-0776 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Reveal Js
NVD GitHub
CVSS 3.1
6.1
EPSS
3.7%
CVE-2021-44961 MEDIUM POC This Month

A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libslic3R
NVD VulDB
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-25020 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pluxml
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-25022 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-25012 MEDIUM POC This Month

Argus Surveillance DVR v4.0 employs weak password encryption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dvr
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-26332 MEDIUM POC This Month

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cipi
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-42951 HIGH This Week

A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Msol
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-25010 CRITICAL PATCH Act Now

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Stepmania
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-22300 HIGH This Week

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22262 HIGH This Week

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rog Live Service
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2022-24718 MEDIUM PATCH This Month

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ssr Pages
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-24719 MEDIUM PATCH MAL This Month

Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fluture Node
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24717 MEDIUM PATCH This Month

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ssr Pages
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-22321 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-24446 MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy