NVD disclosure day

Published threat advisories for April 18, 2022

CVE advisoryKnown Exploit

CVE-2022-29464

WSO2 Products: Remote Code Execution Via File Upload.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in certain WSO2 products allows for unrestricted file uploads, leading to remote code execution. This could impact affected systems and data by enabling unauthorized access and control. The business risk is significant due to the potential compromise of sensitive information and operations.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus Command Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability exists in Zoho ManageEngine ADSelfService Plus that allows authenticated administrators to execute arbitrary operating system commands with SYSTEM privileges. This impacts organizations using affected versions of the software. Attackers can exploit this by leveraging default administrator passwords or b

NVD published: • CISA KEV