Skip to main content
CVE-2022-24254 HIGH POC This Week

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24252 HIGH POC This Week

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis Portfolio v4.0 allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-25018 HIGH POC This Week

Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Pluxml
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-24255 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-24251 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the Catalog Asset Upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-24253 HIGH POC This Week

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload vulnerability via the component AdminFileTransferServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Portfolio
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-23380 HIGH POC This Week

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-43619 HIGH POC PATCH This Week

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Trusted Firmware M
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23387 HIGH POC This Week

An issue was discovered in taocms 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taocms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-23377 HIGH POC This Week

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Archeevo
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-0777 HIGH POC PATCH This Week

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-42951 HIGH This Week

A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Msol
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-22300 HIGH This Week

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22262 HIGH This Week

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rog Live Service
NVD
CVSS 3.1
7.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy