Skip to main content
CVE-2022-2356 HIGH POC This Week

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress User Private Files
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2703 HIGH POC This Week

A vulnerability was found in SourceCodester Gym Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gym Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2700 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Gym Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gym Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2367 HIGH POC This Week

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wsm Downloader
NVD WPScan
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-2357 HIGH POC This Week

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal PHP Wsm Downloader
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-2704 HIGH POC This Week

A vulnerability was found in SourceCodester Simple E-Learning System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2699 HIGH POC This Week

A vulnerability was found in SourceCodester Simple E-Learning System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-2697 HIGH POC This Week

A vulnerability was found in SourceCodester Simple E-Learning System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36265 HIGH POC This Week

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airspot 5410 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-34293 HIGH This Week

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-35488 HIGH This Week

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zammad
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-35487 HIGH This Week

Zammad 5.2.0 suffers from Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy