Skip to main content
CVE-2022-0778 HIGH POC PATCH CISA Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux Cloud Volumes Ontap Mediator Clustered Data Ontap +9
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
7.8%
Threat
5.2
CVE-2022-27005 CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.5%
CVE-2022-27004 CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-27003 CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-27002 CRITICAL POC Act Now

Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns、ddns_host parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.1%
CVE-2022-27001 CRITICAL POC Act Now

Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-27000 CRITICAL POC Act Now

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26999 CRITICAL POC Act Now

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26998 CRITICAL POC Act Now

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26997 CRITICAL POC Act Now

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26996 CRITICAL POC Act Now

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-26995 CRITICAL POC Act Now

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arris Tr3300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-26994 CRITICAL POC Act Now

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sbr Ac1900P Firmware Sbr Ac3200P Firmware Sbr Ac1200P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-26993 CRITICAL POC Act Now

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sbr Ac1900P Firmware Sbr Ac3200P Firmware Sbr Ac1200P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26992 CRITICAL POC Act Now

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sbr Ac1900P Firmware Sbr Ac3200P Firmware Sbr Ac1200P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-26991 CRITICAL POC Act Now

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sbr Ac1900P Firmware Sbr Ac3200P Firmware Sbr Ac1200P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26990 CRITICAL POC Act Now

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sbr Ac1900P Firmware Sbr Ac3200P Firmware Sbr Ac1200P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-26214 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-26213 CRITICAL POC THREAT Act Now

Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
25.6%
CVE-2022-26212 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-26211 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-26210 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2022-26209 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-26208 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-26207 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-26206 CRITICAL POC Act Now

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25498 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-25495 CRITICAL POC Act Now

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-25494 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25492 CRITICAL POC Act Now

HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25490 CRITICAL POC Act Now

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25488 CRITICAL POC Act Now

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
7.1%
CVE-2022-25487 CRITICAL POC THREAT Act Now

Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
54.8%
CVE-2022-24755 CRITICAL POC PATCH Act Now

Bareos is open source software for backup, archiving, and recovery of data for operating systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bareos
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-25486 HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.8
EPSS
10.0%
CVE-2022-25485 HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.8
EPSS
7.9%
CVE-2022-25491 HIGH POC This Week

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-26779 HIGH POC This Week

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Information Disclosure Cloudstack
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-24756 HIGH POC PATCH This Week

Bareos is open source software for backup, archiving, and recovery of data for operating systems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Bareos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-0944 HIGH POC PATCH This Week

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ssti Code Injection Sqlpad
NVD GitHub
CVSS 3.1
7.2
EPSS
8.7%
CVE-2022-25493 MEDIUM POC This Month

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0951 MEDIUM POC PATCH This Month

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-24752 CRITICAL PATCH Act Now

SyliusGridBundle is a package of generic data grids for Symfony applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Syliusgridbundle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-0968 MEDIUM POC PATCH This Month

The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Microweber
NVD GitHub
CVSS 3.1
5.5
EPSS
3.7%
CVE-2022-0961 MEDIUM POC PATCH This Month

The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Microweber
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-25489 MEDIUM POC This Month

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Atomcms
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2022-0970 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav
NVD GitHub
CVSS 3.1
5.4
EPSS
1.8%
CVE-2022-0967 MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.3%
CVE-2022-0966 MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0965 MEDIUM POC PATCH This Month

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy