Vulmon
CVE-2022-26134 vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from...
Atlassian Confluence Data Center 7.18.0
Atlassian Confluence Data Center
Atlassian Confluence Server 7.18.0
Atlassian Confluence Server
76 Github repositories available
9 Articles available
9.8
CVSSv3
CVE-2022-26314
A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow...
Mendix Forgot Password
1 Github repository available
9.8
CVSSv3
CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...
Atlassian Confluence Server
Atlassian Confluence Data Center
76 Github repositories available
11 Articles available
NA
CVE-2022-46422
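POC (for personal use). This POC was written for CVE-2022-26134, CVE-2022-46422 and common weak passwords. Note: the pandas version requires importing the URLs into url.txt and creating a result.txt file in the corresponding folder; the results are written to that file automatically. Installation: pip3 install -r...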
1 Github repository available
10
CVSSv3
CVE-2021-22205
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution....
Gitlab Gitlab
40 Github repositories available
1 Article available
9.8
CVSSv3
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution....
Thedaylightstudio Fuel Cms
1 EDB exploit available
26 Github repositories available
9.8
CVSSv3
CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external...
Phpunit Project Phpunit
Oracle Communications Diameter Signaling Router
26 Github repositories available
9.8
CVSSv3
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar,...
Vmware Spring Framework
Cisco Cx Cloud Agent
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Sd-wan Edge 9.1
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Oracle Product Lifecycle Analytics 3.6.1
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 1.15.0
Oracle Communications Cloud Native Core Unified Data Repository 22.1.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.0
Oracle Communications Cloud Native Core Policy 22.1.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Network Exposure Function 22.1.0
Oracle Communications Cloud Native Core Console 22.1.0
Oracle Communications Cloud Native Core Automated Test Suite 22.1.0
Oracle Communications Cloud Native Core Automated Test Suite 1.9.0
Oracle Retail Xstore Point Of Service 21.0.0
Oracle Financial Services Enterprise Case Management 8.1.2.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.0
Oracle Communications Policy Management 12.6.0.0.0
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Network Slice Selection Function 1.15.0
Siemens Operation Scheduler
Veritas Access Appliance 7.4.3
Veritas Access Appliance 7.4.3.100
Veritas Access Appliance 7.4.3.200
Veritas Netbackup Virtual Appliance 4.0.0.1
Veritas Netbackup Virtual Appliance 4.1.0.1
Veritas Netbackup Appliance 4.0.0.1
Veritas Netbackup Appliance 4.1.0.1
Veritas Netbackup Virtual Appliance 4.0
Veritas Netbackup Virtual Appliance 4.1
Veritas Netbackup Appliance 4.0
Veritas Netbackup Appliance 4.1
Veritas Flex Appliance 2.0
Veritas Flex Appliance 2.0.1
Veritas Flex Appliance 2.0.2
Veritas Flex Appliance 2.1
Veritas Flex Appliance 1.3
Veritas Netbackup Flex Scale Appliance 2.1
Veritas Netbackup Flex Scale Appliance 3.0
89 Github repositories available
2 Articles available
9.8
CVSSv3
CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution....
Vmware Identity Manager 3.3.3
Vmware Vrealize Automation 7.6
Vmware Identity Manager 3.3.4
Vmware Identity Manager 3.3.5
Vmware Vrealize Automation
Vmware Identity Manager 3.3.6
Vmware Workspace One Access 20.10.0.1
Vmware Workspace One Access 20.10.0.0
Vmware Workspace One Access 21.08.0.1
Vmware Workspace One Access 21.08.0.0
Vmware Vrealize Suite Lifecycle Manager
Vmware Cloud Foundation
32 Github repositories available
11 Articles available
10
CVSSv3
CVE-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote...
Vmware Spring Cloud Gateway 3.1.0
Vmware Spring Cloud Gateway
Oracle Commerce Guided Search 11.3.2
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Network Exposure Function 22.1.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
Oracle Communications Cloud Native Core Network Repository Function 22.2.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1
Oracle Communications Cloud Native Core Console 22.2.0
Oracle Communications Cloud Native Core Network Repository Function 22.1.2
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
70 Github repositories available
7 Articles available