Skip to main content
CVE-2022-1119 HIGH POC PATCH THREAT Act Now

The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 85.8%.

PHP WordPress Path Traversal Simple File List
NVD WPScan VulDB
CVSS 3.1
7.5
EPSS
85.8%
Threat
5.6
CVE-2022-1329 HIGH POC PATCH THREAT Act Now

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE WordPress File Upload Website Builder
NVD
CVSS 3.1
8.8
EPSS
92.7%
CVE-2022-0071 HIGH POC This Week

Incomplete fix for CVE-2021-3101. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hotdog
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-0070 HIGH POC This Week

Incomplete fix for CVE-2021-3100. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Java Log4Jhotpatch
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-29315 HIGH POC This Week

Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Acunetix
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1065 HIGH POC This Week

A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Abacus Erp 2018 Abacus Erp 2019 Abacus Erp 2020 Abacus Erp 2021 +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-28108 HIGH POC PATCH THREAT This Week

Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Selenium Grid
NVD
CVSS 3.1
8.8
EPSS
11.7%
CVE-2022-27055 HIGH POC This Week

ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Daojia
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29153 HIGH POC PATCH This Week

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hashicorp HashiCorp Consul Fedora
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2022-21442 HIGH This Week

Vulnerability in Oracle GoldenGate (component: OGG Core Library). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Goldengate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-1384 HIGH PATCH This Week

Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-0993 HIGH This Week

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress Siteground Security
NVD VulDB
CVSS 3.1
8.1
EPSS
3.3%
CVE-2022-21430 HIGH This Week

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Communications Billing And Revenue Management
NVD
CVSS 3.1
8.5
EPSS
1.2%
CVE-2022-21424 HIGH This Week

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Oracle Communications Billing And Revenue Management
NVD
CVSS 3.1
8.3
EPSS
1.3%
CVE-2022-21464 HIGH This Week

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
8.2
EPSS
2.1%
CVE-2022-21446 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2022-21497 HIGH This Week

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Web Services Manager
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2022-21404 HIGH This Week

Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Information Disclosure Helidon
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-27527 HIGH This Week

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-25788 HIGH This Week

A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-21491 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-21476 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Jdk +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-21466 HIGH This Week

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Commerce Guided Search
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-21449 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Jdk +14
NVD
CVSS 3.1
7.5
EPSS
48.2%
CVE-2022-21441 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-21422 HIGH This Week

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Communications Billing And Revenue Management
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-21421 HIGH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-21410 HIGH This Week

Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Database
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy