Skip to main content
CVE-2022-1239 HIGH POC This Week

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Hubspot
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-0952 HIGH POC THREAT This Week

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Sitemap
NVD WPScan
CVSS 3.1
8.8
EPSS
13.3%
CVE-2022-28572 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ax1806 Firmware Ax1803 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-23064 HIGH POC PATCH This Week

In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Snipe It
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-23904 HIGH POC This Week

Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Auctionworx
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2022-24897 HIGH POC PATCH This Week

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Java Path Traversal Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-1273 HIGH POC This Week

The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Import Wp
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-29968 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.17.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora H300s Firmware +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-29849 HIGH PATCH This Week

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Openedge
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23723 HIGH This Week

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pingone Mfa Integration Kit
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2022-28613 HIGH This Week

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rtu500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-27983 HIGH This Week

RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Rg Nbr2100G E Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29970 HIGH PATCH This Week

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinatra Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-28451 HIGH PATCH This Week

nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nopcommerce
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy