Skip to main content
CVE-2022-28062 HIGH POC This Week

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Car Rental System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-27435 HIGH POC This Week

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ecommerce Website
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-1026 HIGH POC THREAT This Week

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Net Viewer
NVD
CVSS 3.1
8.6
EPSS
15.1%
CVE-2022-0403 HIGH POC This Week

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress File Upload Library File Manager
NVD WPScan
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-27442 HIGH POC This Week

TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tpcms
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-0709 HIGH POC This Week

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Booking Package
NVD WPScan
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-0887 HIGH POC This Week

The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Easy Social Icons
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-0537 HIGH POC This Week

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Mappress
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-24801 HIGH PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling Twisted Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
2.8%
CVE-2022-23699 HIGH This Week

A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27650 HIGH PATCH This Week

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Crun Fedora Openshift Container Platform +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-27649 HIGH PATCH This Week

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Podman Developer Tools Openshift Container Platform +11
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-23698 HIGH This Week

A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1174 HIGH This Week

A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-26572 HIGH This Week

Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Colorqube 8580 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-24787 HIGH PATCH This Week

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24785 HIGH PATCH This Week

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Path Traversal Moment Tenable Sc Active Iq +2
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy