Skip to main content
CVE-2022-23347 HIGH POC THREAT Act Now

BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.1%.

Path Traversal Bigant Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
13.1%
CVE-2022-23346 HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bigant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-23349 HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bigant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-26183 HIGH POC PATCH This Week

PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Pnpm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-0687 HIGH POC This Week

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Amelia
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-25766 HIGH POC PATCH THREAT This Week

The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ungit
NVD GitHub
CVSS 3.1
8.8
EPSS
33.9%
CVE-2022-24237 HIGH POC THREAT This Week

The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aria
NVD
CVSS 3.1
8.8
EPSS
25.3%
CVE-2022-24235 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Aria
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0415 HIGH POC PATCH THREAT This Week

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Gogs
NVD GitHub
CVSS 3.1
8.8
EPSS
65.2%
CVE-2022-27607 HIGH POC This Week

Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-0229 HIGH POC This Week

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Google Authenticator
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-23352 HIGH POC This Week

An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bigant Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-23345 HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bigant Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-27333 HIGH POC This Week

idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Idccms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-25481 HIGH POC This Week

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Thinkphp
NVD GitHub
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-22394 HIGH PATCH This Week

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Spectrum Protect
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-24775 HIGH PATCH This Week

guzzlehttp/psr7 is a PSR-7 HTTP message library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Drupal Psr 7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy