Skip to main content
CVE-2022-26111 HIGH POC This Week

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Irisnext
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2022-28053 HIGH POC This Week

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Typemill
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-1459 HIGH POC PATCH This Week

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
8.3
EPSS
1.0%
CVE-2022-29603 HIGH POC PATCH This Week

A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Universis Api
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-36460 HIGH POC This Week

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Veryfitpro
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1441 HIGH POC PATCH This Week

MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1392 HIGH POC THREAT This Week

The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Videos Sync Pdf
NVD WPScan
CVSS 3.1
7.5
EPSS
11.3%
CVE-2022-0656 HIGH POC This Week

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Information Disclosure Web To Print Shop
NVD WPScan
CVSS 3.1
7.5
EPSS
7.9%
CVE-2022-29419 HIGH This Week

SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress 3Xsocializer
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-22392 HIGH This Week

IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE IBM File Upload Planning Analytics Workspace
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-24792 HIGH PATCH This Week

PJSIP is a free and open source multimedia communication library written in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pjsip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-28871 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-29546 HIGH PATCH This Week

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Htmlunit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy