NVD disclosure day

Published threat advisories for May 4, 2022

CVE advisoryCRITICAL

CVE-2022-29347

Web@rchiv Arbitrary File Upload Leading to Command Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in Web@rchiv that allows attackers to execute arbitrary commands by uploading a crafted PHP file. This file upload flaw is exposed and does not require authentication, potentially leading to system compromise. Organizations should verify if this web archiving tool is in use to assess rel

CVE advisoryCRITICAL

CVE-2022-28568

Sourcecodester Doctor's Appointment System Remote Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in the Sourcecodester Doctor's Appointment System that allows for remote command execution through a file upload flaw. An attacker could potentially gain control of the system by uploading a malicious file, especially if they know where uploaded images are stored. This could impact syste

CVE advisoryCRITICAL

CVE-2021-43163

Ruijie RG-EW Series Routers Remote Code Execution Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability exists in Ruijie Networks routers, allowing remote code execution through a specific function in their web interface. If reachable, this flaw could enable an attacker to execute arbitrary code on the device, potentially impacting the integrity and availability of its services and network traffi