Skip to main content
CVE-2022-35508 CRITICAL POC Act Now

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Privilege Escalation Proxmox Mail Gateway Pve Http Server Virtual Environment
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-46405 HIGH POC This Week

Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mastodon
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35507 HIGH POC This Week

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Code Injection Proxmox Mail Gateway Pve Http Server Virtual Environment
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2022-46414 CRITICAL Act Now

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Appliance Netbackup Flex Scale Appliance
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-46413 HIGH This Week

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Access Appliance Netbackup Flex Scale Appliance
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-46412 HIGH This Week

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Netbackup Flex Scale Appliance
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-46411 HIGH This Week

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Access Appliance Netbackup Flex Scale Appliance
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-46410 HIGH This Week

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Netbackup Flex Scale Appliance
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-35730 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Oceanwp sticky header plugin <= 1.0.8 on WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Sticky Header
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-40968 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS 2Kb Amazon Affiliates Store
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46391 MEDIUM PATCH This Month

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy