Skip to main content
CVE-2022-24050 HIGH PATCH This Week

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Privilege Escalation Memory Corruption RCE Use After Free MariaDB +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24048 HIGH PATCH This Week

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Stack Overflow Buffer Overflow MariaDB +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-0646 HIGH PATCH This Week

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel H410c Firmware H300s Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23228 HIGH This Week

Pexip Infinity before 27.0 has improper WebRTC input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-23982 HIGH This Week

The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Perfect Brands For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-21176 HIGH This Week

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-0138 HIGH This Week

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-25314 HIGH PATCH This Week

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libexpat Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-23650 HIGH PATCH GHSA This Week

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Netmaker
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2021-4090 HIGH PATCH This Week

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel H300s Firmware +7
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-24370 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Apple Information Disclosure Pdf Editor +1
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-24368 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-21800 MEDIUM This Month

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0673 MEDIUM PATCH This Month

A flaw was found in LemMinX in versions prior to 0.19.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Lemminx
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-0451 MEDIUM PATCH This Month

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dart Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-25313 MEDIUM PATCH This Month

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libexpat Debian Linux Fedora Http Server +2
NVD GitHub
CVSS 3.1
6.5
EPSS
3.3%
CVE-2022-23647 MEDIUM PATCH This Month

Prism is a syntax highlighting library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prism
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-25317 MEDIUM PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Cerebrate
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23645 MEDIUM PATCH This Month

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Swtpm Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-24061 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Dicom Viewer Pro
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-24060 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dicom Viewer Pro
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-24055 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dicom Viewer Pro
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-0672 MEDIUM PATCH This Month

A flaw was found in LemMinX in versions prior to 0.19.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Lemminx
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25358 MEDIUM PATCH This Month

A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Awful Salmonella Tar
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-25336 MEDIUM PATCH This Month

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ez Platform Kernel
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-25320 MEDIUM PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cerebrate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-23981 MEDIUM This Month

The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Perfect Brands For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25318 MEDIUM PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Cerebrate
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-23649 LOW PATCH Monitor

Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Cosign
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy