NVD disclosure day

Published threat advisories for April 12, 2022

CVE advisoryCRITICAL

CVE-2022-28397

Ghost CMS Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An arbitrary file upload vulnerability in Ghost CMS could allow attackers to execute arbitrary code. The vendor states this feature is intentionally restricted to trusted users, but if reachable, it could impact system integrity. Confirming relevance and system exposure is crucial for assessing risk.

CVE advisoryCRITICAL

CVE-2022-27262

Skipper File Upload Arbitrary Code Execution

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An arbitrary file upload vulnerability exists in the file upload module of Skipper, a component used in web applications for processing file uploads. If reachable, attackers could exploit this by uploading a crafted file to execute arbitrary code on affected systems, potentially compromising system integrity and confid