22 matches found
CVE-2021-22952
A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk devices assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and lat...
CVE-2025-22952
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...
CVE-2025-22952
creationtimestamp | type | source
---|---|---
2025-02-27 21:59:03+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lj6v7znxps25
2025-02-27 23:27:09+00:00 | seen | https://t.me/cvedetector/19091
2025-03-04 11:20:50+00:00 | confirmed | ...
CVE-2025-22952
Elestio memos v0.23.0 is affected by a Server-Side Request Forgery (SSRF) due to insufficient URL validation. The linked Nuclei template and Open Source advisories confirm SSRF risk, with suggested remediation to upgrade to Memos v0.24.1 or later (templates cite v0.24.0 as vulnerable). Affected s...
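The memos entries above describe the defect only as "insufficient validation of user-supplied URLs". The following is an added example (not code from memos or from any of the advisories listed here) showing what a scheme-and-string check misses and what a resolve-then-allowlist check looks like instead. The `FAKE_DNS` table and the URLs in `demo()` are constructed for the example; the default resolver uses `socket.getaddrinfo` when no fake is supplied.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def naive_is_safe_url(url):
    """The kind of check that counts as insufficient: scheme allowlist plus a
    string match on 'localhost'. It still admits loopback, link-local and
    cloud-metadata addresses written as IP literals, IPv6 literals, and any
    DNS name that happens to resolve to an internal host."""
    parts = urlsplit(url)
    return parts.scheme in ALLOWED_SCHEMES and parts.hostname != "localhost"


def resolve_all(host):
    """Default resolver: every address the host currently resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr):
    """True only for globally routable unicast addresses. An IPv4-mapped IPv6
    literal such as ::ffff:127.0.0.1 is judged by the embedded IPv4 address."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def safe_target(url, resolve=resolve_all):
    """Return the IP the fetcher may connect to, or None if the URL must be
    refused. Every address the name resolves to must be public, so a name with
    one public and one internal record is refused as a whole. The caller should
    connect to the returned IP (and send the original Host header) rather than
    resolving the name a second time, which would reopen a rebinding window."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return None
    if parts.username is not None or parts.password is not None:
        return None  # refuse http://trusted.example@10.0.0.5/ style confusion
    host = parts.hostname
    if not host:
        return None
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal: no DNS involved
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError):
            return None
    if not addrs or not all(is_public_address(a) for a in addrs):
        return None
    return str(addrs[0])


# Constructed DNS answers for the demo; no real lookups are performed.
FAKE_DNS = {
    "public.example": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "split.example": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def demo():
    """Run both checks over constructed URLs; returns {url: (naive, hardened)}."""
    urls = [
        "http://public.example/api",
        "http://intranet.example/admin",
        "http://split.example/",
        "http://127.0.0.1:22/",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::1]:8080/",
        "http://[::ffff:127.0.0.1]/",
        "http://trusted.example@10.0.0.5/",
        "file:///etc/passwd",
    ]
    return {u: (naive_is_safe_url(u), safe_target(u, resolve=fake_resolve)) for u in urls}


if __name__ == "__main__":
    for url, (naive, hardened) in demo().items():
        print(f"{url:45} naive={naive!s:5} hardened={hardened}")
```

The check is only as good as the moment it runs: if the HTTP client later re-resolves the hostname, a short-TTL record can swap in an internal address between validation and connect. Connecting to the address returned by `safe_target` closes that gap; redirects must be re-validated the same way.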
SugarCRM 12.x Remote Code Execution / Shell Upload
This module requires Metasploit: https://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
require 'securerandom' class MetasploitModule 'SugarCRM unauthenticated Remote Code Execution (RCE)', 'Description' => %q This module exploits CVE-2023-22952, a Remote Code...
SugarCRM 12.x Remote Code Execution / Shell Upload Exploit
This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. This module requires Metasploit:...
SugarCRM unauthenticated Remote Code Execution (RCE)
This module exploits CVE-2023-22952, a Remote Code Execution (RCE) vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. The vulnerability occurs due to a lack of appropriat...
CVE-2023-22952
creationtimestamp | type | source
---|---|---
2023-02-03 06:39:42+00:00 | exploited | https://t.me/thehackernews/3014
2023-03-09 17:01:25+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sugarcrmwebshellcve202322952.rb
2023-03-11 12:57:01+00:00 | ... | ...
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting...
Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability
A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...
CVE-2023-22952
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...
CVE-2023-22952
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Recent assessments: h00die-gr3y at January 18, 2023 8:56am UTC reported: Last December 28th, 2022, a zero-day vulnerability in the SugarCRM applicati...
CVE-2023-22952
SugarCRM is affected by CVE-2023-22952, a remote code execution in the EmailTemplates flow before 12.0, hotfix 91155. An attacker can upload a crafted PNG with embedded PHP to /index.php?module=EmailTemplates&action=AttachFiles (no input validation) and execute code on the server. Some sources in...
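The entries above give two concrete artefacts of CVE-2023-22952 exploitation: requests to `/index.php?module=EmailTemplates&action=AttachFiles`, and a PNG carrying embedded PHP. The following is an added example (not code from SugarCRM, Rapid7, or any advisory listed here) that turns those two facts into a hunt: one function picks the AttachFiles requests out of web-server access logs, the other flags image files whose bytes contain a PHP open tag. It assumes the Apache/nginx "combined" log format; the log lines and file bytes are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access-log line (format is an assumption of this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# <?php ... or the short echo tag <?= ...; a legitimate image has no reason to contain either.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def is_attachfiles_request(target):
    """True when the request target is the EmailTemplates AttachFiles action
    named in the advisory, whatever the parameter order or letter case."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("index.php"):
        return False
    query = {k.lower(): [v.lower() for v in vals]
             for k, vals in parse_qs(parts.query).items()}
    return ("emailtemplates" in query.get("module", [])
            and "attachfiles" in query.get("action", []))


def find_attachfiles_requests(log_lines):
    """Return (ip, timestamp, method, status) for every AttachFiles request.
    Uploads are POSTs, but the method is reported rather than filtered so a
    probing GET from the same source is not lost."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_attachfiles_request(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), m.group("method"), m.group("status")))
    return hits


def looks_like_png(data):
    return data.startswith(PNG_MAGIC)


def png_carries_php(data):
    """A file that passes as a PNG but contains a PHP open tag is the
    image/PHP polyglot the exploit relies on."""
    return looks_like_png(data) and PHP_OPEN_TAG.search(data) is not None


def find_polyglot_images(files):
    """files: {name: bytes}. Returns the names worth pulling for analysis."""
    return sorted(name for name, data in files.items() if png_carries_php(data))


# Constructed sample data for a stand-alone run.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Dec/2022:10:14:02 +0000] "POST /index.php?module=EmailTemplates&action=AttachFiles HTTP/1.1" 200 512 "-" "python-requests/2.28"',
    '198.51.100.2 - - [28/Dec/2022:10:15:11 +0000] "GET /index.php?module=Home&action=index HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Dec/2022:10:14:05 +0000] "POST /index.php?action=attachfiles&module=emailtemplates HTTP/1.1" 200 512 "-" "curl/7.81"',
    'garbage line that does not parse',
]
SAMPLE_FILES = {
    "logo.png": PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 32,
    "cache/shell.png": PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"<?php system($_GET['c']); ?>",
    "notes.txt": b"<?php echo 'not an image'; ?>",
}


if __name__ == "__main__":
    for hit in find_attachfiles_requests(SAMPLE_LOG):
        print("AttachFiles request:", hit)
    print("polyglot images:", find_polyglot_images(SAMPLE_FILES))
```

The log hunt is only a lead: the action is reachable without authentication, so any hit from an unexpected source deserves a look at what the server wrote to disk at that time, which is where the second check comes in. A plain PHP file that is not a PNG (like `notes.txt` above) is a different finding and is deliberately not reported here.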
VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control
VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...
CVE-2022-22952
creationtimestamp | type | source
---|---|---
2022-03-23 23:29:01+00:00 | seen | https://t.me/cibsecurity/39445
2022-03-24 04:43:48+00:00 | seen | https://t.me/thehackernews/2006
2022-03-24 13:28:00+00:00 | seen | https://t.me/truesecator/2768
2022-03-25 12:32:59+00:00 | seen | ...
CVE-2022-22952
CVE-2022-22952 affects VMware Carbon Black App Control. Affected only when an attacker has administrative access to the App Control administration interface: uploading a specially crafted file can lead to code execution on the Windows AppC Server. Affected versions are 8.5.x before 8.5.14, 8.6.x ...
VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)
3a. OS command injection vulnerability in VMware Carbon Black App Control CVE-2022-22951 VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1. 3b...