Skip to main content
CVE-2022-1119 HIGH POC PATCH THREAT Act Now

The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 85.8%.

PHP WordPress Path Traversal Simple File List
NVD WPScan VulDB
CVSS 3.1
7.5
EPSS
85.8%
Threat
5.6
CVE-2022-1329 HIGH POC PATCH THREAT Act Now

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE WordPress File Upload Website Builder
NVD
CVSS 3.1
8.8
EPSS
92.7%
CVE-2022-0992 CRITICAL POC Act Now

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Security Optimizer
NVD VulDB
CVSS 3.1
9.8
EPSS
4.4%
CVE-2022-25648 CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-27927 CRITICAL POC THREAT Act Now

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microfinance Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
13.8%
CVE-2022-0071 HIGH POC This Week

Incomplete fix for CVE-2021-3101. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hotdog
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-0070 HIGH POC This Week

Incomplete fix for CVE-2021-3100. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Java Log4Jhotpatch
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-29315 HIGH POC This Week

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Acunetix
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1065 HIGH POC This Week

A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Abacus Erp 2018 Abacus Erp 2019 Abacus Erp 2020 Abacus Erp 2021 +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-28108 HIGH POC PATCH THREAT This Week

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Selenium Grid
NVD
CVSS 3.1
8.8
EPSS
11.7%
CVE-2022-27055 HIGH POC This Week

ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Daojia
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29153 HIGH POC PATCH This Week

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hashicorp HashiCorp Consul Fedora
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2022-28222 MEDIUM POC This Month

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Antispam
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-0645 MEDIUM POC PATCH This Month

Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Posthog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21431 CRITICAL Act Now

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Communications Billing And Revenue Management
NVD
CVSS 3.1
10.0
EPSS
2.1%
CVE-2022-27862 CRITICAL Act Now

Arbitrary File Upload leading to RCE in E4J s.r.l. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress File Upload Vikbooking Hotel Booking Engine Property Management System Plugin
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-21445 CRITICAL KEV THREAT Act Now

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Oracle Application Development Framework
NVD
CVSS 3.1
9.8
EPSS
62.5%
CVE-2022-21420 CRITICAL Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Coherence
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-27104 CRITICAL Act Now

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Formalms
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21442 HIGH This Week

Vulnerability in Oracle GoldenGate (component: OGG Core Library). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Goldengate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-1384 HIGH PATCH This Week

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-0993 HIGH This Week

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress Siteground Security
NVD VulDB
CVSS 3.1
8.1
EPSS
3.3%
CVE-2022-1385 MEDIUM POC PATCH This Month

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2022-21430 HIGH This Week

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Communications Billing And Revenue Management
NVD
CVSS 3.1
8.5
EPSS
1.2%
CVE-2022-21424 HIGH This Week

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Oracle Communications Billing And Revenue Management
NVD
CVSS 3.1
8.3
EPSS
1.3%
CVE-2022-21464 HIGH This Week

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2022-21446 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2022-21497 HIGH This Week

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Web Services Manager
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2022-21404 HIGH This Week

Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Helidon
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-27527 HIGH This Week

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-25788 HIGH This Week

A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-21491 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-21476 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Jdk +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-21466 HIGH This Week

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Commerce Guided Search
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-21449 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Jdk +14
NVD
CVSS 3.1
7.5
EPSS
48.2%
CVE-2022-21441 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-21422 HIGH This Week

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Communications Billing And Revenue Management
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-21421 HIGH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-21410 HIGH This Week

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Database
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-21465 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-1187 MEDIUM PATCH This Month

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress PHP XSS Wp Youtube Live
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-21498 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Oracle Database
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-21471 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-21467 MEDIUM This Month

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Attachments). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Plm
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-21454 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-21447 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Cs Academic Advisement
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-21490 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure Mysql Cluster Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
78.7%
CVE-2022-21489 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
78.9%
CVE-2022-21483 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
3.0%
CVE-2022-21482 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
3.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy