Skip to main content
CVE-2022-1720 HIGH POC PATCH This Week

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Debian Linux Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2022-33913 HIGH POC This Week

In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Mahara
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-1801 HIGH POC This Week

The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Very Simple Contact Form
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-1614 HIGH POC This Week

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Email
NVD WPScan
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1939 HIGH POC This Week

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Allow Svg Files
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-1472 HIGH POC This Week

The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Better Find And Replace
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-1824 HIGH This Week

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Consumer Product Removal Tool
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-1823 HIGH This Week

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Consumer Product Removal Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy