
11235 matches found

Prion
added 2023/01/30 9:15 p.m. | 23 views

Default credentials

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...

CVSS 7.5 | AI score 9.6 | EPSS 0.17569
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2023/01/30 8:31 p.m. | 119 views

CVE-2022-4395

The CVE-2022-4395 entry describes a vulnerability in the WordPress plugin “Membership For WooCommerce” prior to version 2.1.7 where uploaded files are not validated, allowing unauthenticated users to upload arbitrary files (e.g., PHP), enabling remote code execution. Affected software: Membership...

CVSS 9.8 | AI score 9.6 | EPSS 0.17569
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2023/01/30 8:31 p.m. | 26 views

CVE-2022-4395 Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload

The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...

AI score 9.9 | EPSS 0.17569
Exploits: 2 | References: 1

GithubExploit
added 2023/01/30 12:57 p.m. | 769 views

Exploit for Use After Free in Adobe Acrobat_Dc

CVE-2023-21608 ...

CVSS 7.8 | AI score 8.1 | EPSS 0.61475
Exploits: 2

CVE
added 2023/01/30 5:00 a.m. | 91 views

CVE-2022-25967

The CVE-2022-25967 issue affects the ETA npm package prior to 2.0.0. An RCE vulnerability arises by overwriting template engine configuration variables with view options received from the Express render API, exploitable only when rendering templates with user-supplied data. Remediation: upgrade E...

CVSS 8.8 | AI score 8.9 | EPSS 0.01995
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2023/01/30 12:00 a.m. | 82 views

CVE-2022-48175

CVE-2022-48175 affects Rukovoditel v3.2.1. The vulnerability is described as a remote code execution (RCE) in the web path /rukovoditel/index.php?module=dashboard/ajax_request. The initial description provides the existence of an RCE but does not detail the root cause, affected subcomponents beyo...

CVSS 9.8 | AI score 9.8 | EPSS 0.0174
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2023/01/27 8:15 p.m. | 15 views

CVE-2022-48116

AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php...

CVSS 7.2 | AI score 7.5 | EPSS 0.01357
Exploits: 1 | References: 1

Tenable Nessus
added 2023/01/27 12:00 a.m. | 44 views

Rocky Linux 9 : php (RLSA-2022:8197)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8197 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the...

CVSS 9.8 | AI score 7.7 | EPSS 0.03437
Exploits: 2 | References: 8

CVE
added 2023/01/27 12:00 a.m. | 70 views

CVE-2022-48116

AyaCMS v3.1.2 is affected by a remote code execution (RCE) vulnerability in the /admin/tpl_edit.inc.php component. The issue is confirmed across multiple sources (NVD, Red Hat, CNNVD, CVE list, etc.). The CVE-entry describes an RCE with high impact (C/H/I/A) and network attack vector, without use...

CVSS 7.2 | AI score 7.5 | EPSS 0.01357
Exploits: 1 | References: 1 | Affected Software: 1

Github Security Blog
added 2023/01/26 9:30 p.m. | 32 views

Remote Code Execution in com.bstek.uflo:uflo-core

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation...

CVSS 9.8 | AI score 6.5 | EPSS 0.02575
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2023/01/26 9:30 p.m. | 45 views

GHSA-9W5J-4MWV-2WJ8 Remote code execution in simple-git

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

CVSS 9.8 | AI score 9.1 | EPSS 0.02712
Exploits: 1 | References: 4

Prion
added 2023/01/26 9:15 p.m. | 18 views

Input validation

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation...

CVSS 7.5 | AI score 9.7 | EPSS 0.02575
Exploits: 1 | References: 3

RedHat Linux
added 2023/01/26 12:14 p.m. | 62 views

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes v1.0.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8 | AI score 6.8 | EPSS 0.02836
Exploits: 4 | References: 8

CVE
added 2023/01/25 5:00 a.m. | 94 views

CVE-2022-25894

CVE-2022-25894 affects com.bstek.uflo:uflo-core. The vulnerability is an RCE in ExpressionContextImpl via jexl.createExpression(expression).evaluate(context) caused by improper user input validation. Affected versions are not clearly bounded in the provided documents; remediation/version fix info...

CVSS 9.8 | AI score 9.7 | EPSS 0.02575
Exploits: 1 | References: 3 | Affected Software: 1

Malwarebytes
added 2023/01/25 4:00 a.m. | 64 views

Update vRealize now! VMware patches critical RCE vulnerabilities

VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities reported privately by the Zero Day Initiative (ZDI). Two of these vulnerabilities are rated as critical. The issues have been fixed on vRealize Log Insight 8.10.2, so users should upgrade to the latest...

AI score 10 | EPSS 0.87077
Exploits: 3

Veracode
added 2023/01/24 8:59 p.m. | 25 views

Remote Code Execution (RCE)

Firefox is vulnerable to Remote Code Execution (RCE). Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser which allows an attacker to...

CVSS 6.5 | AI score 5.3 | EPSS 0.00641
Exploits: 0 | References: 5 | Affected Software: 6

CVE
added 2023/01/24 5:00 a.m. | 106 views

CVE-2022-25860

The CVE-2022-25860 entry concerns the simple-git package. Versions before 3.16.0 are vulnerable to Remote Code Execution via clone(), pull(), push(), and listRemote() due to improper input sanitization, tied to an incomplete fix of CVE-2022-25912. CERT/OSV/NVD/IBM/Red Hat references confirm the i...

CVSS 9.8 | AI score 9.7 | EPSS 0.02712
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/01/24 5:00 a.m. | 31 views

CVE-2022-25860

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

CVSS 8.1 | AI score 10 | EPSS 0.02712
Exploits: 1 | References: 3

GithubExploit
added 2023/01/23 10:45 a.m. | 476 views

Exploit for Improper Input Validation in Zohocorp Manageengine_Access_Manager_Plus

CVE-2022-47966 ManageEngine RCE 2022 This repo is part of t...

CVSS 9.8 | AI score 9.3 | EPSS 0.99753
Exploits: 15

Cvelist
added 2023/01/23 12:00 a.m. | 26 views

CVE-2023-21775 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

...

CVSS 8.3 | AI score 8.8 | EPSS 0.00987
Exploits: 0 | References: 1