Skip to main content
CVE-2022-22916 CRITICAL POC THREAT Emergency

O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.9%.

RCE O2oa
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
39.9%
Threat
4.7
CVE-2022-22912 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Prototype Pollution Plist
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-0623 CRITICAL POC PATCH Act Now

Out-of-bounds Read in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Mruby
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-0629 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-22914 HIGH POC This Week

An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ovidentia
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-23318 HIGH POC This Week

A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Pcf2Bdf
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-0633 MEDIUM POC This Month

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Updraftplus
NVD WPScan
CVSS 3.1
6.5
EPSS
2.0%
CVE-2022-22899 MEDIUM POC This Month

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Core Ftp
NVD VulDB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-22901 MEDIUM POC This Month

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-23319 MEDIUM POC This Month

A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pcf2Bdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-0639 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-0622 MEDIUM POC PATCH This Month

Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Snipe It
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-23646 HIGH PATCH This Week

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-24683 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Nomad
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-23632 HIGH PATCH This Week

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Traefik Communications Unified Inventory Management
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-20750 HIGH This Week

A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Checkpoint Redundancy Configuration Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-20653 HIGH This Week

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asyncos
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25270 MEDIUM PATCH This Month

The Quick Edit module does not properly check entity access in some circumstances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Drupal
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-20659 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an unauthenticated, remote attacker to conduct a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-24953 MEDIUM PATCH This Month

The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Crypt Gpg
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-0638 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Microweber
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy