Skip to main content
CVE-2022-0086 CRITICAL POC PATCH Act Now

uppy is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Uppy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21647 CRITICAL PATCH Act Now

CodeIgniter is an open source PHP full-stack web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP SQLi Codeigniter
NVD GitHub
CVSS 3.1
9.8
EPSS
37.7%
CVE-2022-21643 CRITICAL PATCH Act Now

USOC is an open source CMS with a focus on simplicity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Useful Simple Open Source Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21650 MEDIUM POC PATCH This Month

Convos is an open source multi-user chat that runs in a web browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Convos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-21649 MEDIUM POC PATCH This Month

Convos is an open source multi-user chat that runs in a web browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Convos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0083 MEDIUM POC PATCH This Month

livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-20012 HIGH This Week

In mdp driver, there is a possible memory corruption due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-21644 HIGH PATCH This Week

USOC is an open source CMS with a focus on simplicity. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Useful Simple Open Source Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-20016 MEDIUM This Month

In vow driver, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20014 MEDIUM This Month

In vow driver, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20023 MEDIUM This Month

In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20022 MEDIUM This Month

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20021 MEDIUM This Month

In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20013 MEDIUM This Month

In vow driver, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-43677 MEDIUM This Month

Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fluxbb
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-21648 MEDIUM PATCH This Month

Latte is an open source template engine for PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Latte
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-20020 MEDIUM This Month

In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20019 MEDIUM This Month

In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20018 MEDIUM This Month

In seninf driver, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20015 MEDIUM This Month

In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy