Skip to main content
CVE-2022-3357 HIGH POC This Week

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Smart Slider 3
NVD WPScan
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-3770 HIGH POC This Week

A vulnerability classified as critical was found in Yunjing CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yunjing Content Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3360 HIGH POC This Week

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Deserialization WordPress PHP Learnpress
NVD WPScan
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-43752 HIGH POC This Week

Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Oracle Privilege Escalation Buffer Overflow Common Desktop Environment
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3785 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-3784 HIGH POC This Week

A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-3380 HIGH POC This Week

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP WordPress Customizer Export Import
NVD WPScan VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3374 HIGH POC This Week

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Ocean Extra
NVD WPScan VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3366 HIGH POC This Week

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Capabilities
NVD WPScan VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3334 HIGH POC This Week

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Easy Wp Smtp
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-40294 HIGH This Week

The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Php Point Of Sale
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-40291 HIGH This Week

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Php Point Of Sale
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-39016 HIGH This Week

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Hubshare
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-42925 HIGH PATCH This Week

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Formalms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42923 HIGH PATCH This Week

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Formalms
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-41681 HIGH PATCH This Week

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Formalms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41644 HIGH PATCH This Week

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-31690 HIGH PATCH This Week

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-3059 HIGH This Week

The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schoolbox
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39019 HIGH This Week

Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hubshare
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-39018 HIGH This Week

Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hubshare
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41776 HIGH PATCH This Week

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41688 HIGH PATCH This Week

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39294 HIGH PATCH This Week

conduit-hyper integrates a conduit application with the hyper server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Conduit Hyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2741 HIGH PATCH This Week

The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37620 HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Html Minifier Terser Html Minifier
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-40617 HIGH This Week

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy