Skip to main content
CVE-2022-0543 CRITICAL POC KEV PATCH THREAT Act Now

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Authentication Bypass RCE Debian
NVD
CVSS 3.1
10.0
EPSS
99.7%
CVE-2022-23642 HIGH POC PATCH THREAT Act Now

Sourcegraph is a code search and navigation engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Sourcegraph
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
74.3%
CVE-2022-0664 CRITICAL POC PATCH Act Now

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Netmaker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25322 CRITICAL POC Act Now

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2022-0631 CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-25315 CRITICAL POC PATCH Act Now

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libexpat Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-22922 CRITICAL POC Act Now

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wa850Re Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-25335 HIGH POC This Week

RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Drago
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0666 HIGH POC PATCH THREAT This Week

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
44.3%
CVE-2022-25299 HIGH POC PATCH This Week

This affects the package cesanta/mongoose before 7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Mongoose
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-25298 HIGH POC PATCH This Week

This affects the package sprinfall/webcc before 0.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Webcc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-0660 HIGH POC PATCH This Week

Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2022-0585 MEDIUM POC This Month

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-25323 MEDIUM POC This Month

ZEROF Web Server 2.0 allows /admin.back XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Server
NVD GitHub
CVSS 3.1
6.1
EPSS
3.2%
CVE-2022-25321 MEDIUM POC PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Cerebrate
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-24049 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow S1 S2
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2022-24047 CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Track It
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25337 CRITICAL PATCH Act Now

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ez Platform Kernel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-21215 CRITICAL Act Now

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-21196 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform C6X Firmware C5X Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-21143 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21141 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform C6X Firmware C5X Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25319 MEDIUM POC PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cerebrate
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-0671 CRITICAL PATCH Act Now

A flaw was found in vscode-xml in versions prior to 0.19.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vscode Xml
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2022-24971 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-24369 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24367 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24366 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24365 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24364 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24363 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24362 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24361 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24360 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24359 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24358 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24357 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24356 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Apple Information Disclosure Pdf Editor +1
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2022-24355 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow TP-Link Buffer Overflow Tl Wr940n Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-24354 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE TP-Link Ac1750 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-24046 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE S1 S2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2022-24064 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-24063 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-24062 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-24059 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-24058 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-24057 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-24056 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-24052 HIGH PATCH This Week

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Buffer Overflow Heap Overflow MariaDB +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-24051 HIGH PATCH This Week

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE MariaDB Fedora
NVD
CVSS 3.1
7.8
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy