Skip to main content
CVE-2022-25098 CRITICAL Act Now

ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ectouch
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-25360 HIGH This Week

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard File Upload Fireware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-25293 HIGH This Week

A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-25292 HIGH This Week

A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-25291 HIGH This Week

An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Integer Overflow RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-24407 HIGH PATCH This Week

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cyrus Sasl Debian Linux Fedora Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2022-23176 HIGH KEV THREAT This Week

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2022-24610 HIGH This Week

Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dvc 215Ip Firmware
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2022-21824 HIGH PATCH This Week

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Node Js Mysql Cluster Mysql Connectors +8
NVD
CVSS 3.1
8.2
EPSS
21.5%
CVE-2022-25838 HIGH PATCH This Week

Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortify
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-23922 HIGH This Week

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Win 911 2021 R1 Win 911 2021 R2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23104 HIGH This Week

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Win 911 2021 R1 Win 911 2021 R2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0546 HIGH PATCH This Week

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow RCE Buffer Overflow Blender +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-0545 HIGH PATCH This Week

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Blender Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-24680 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24679 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24671 HIGH This Week

A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-22793 HIGH This Week

Cybonet - PineApp Mail Relay Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Pineapp Mail Secure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-0732 HIGH This Week

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Copy9 Exactspy Fonetracker Guestspy +5
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-25640 HIGH PATCH This Week

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-23986 HIGH PATCH This Week

SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Phpuploader
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-24678 HIGH PATCH This Week

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-23135 MEDIUM This Month

There is a directory traversal vulnerability in some home gateway products of ZTE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Path Traversal Zxhn F677 Firmware Zxhn F477 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-24687 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-25638 MEDIUM PATCH This Month

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Wolfssl
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-25363 MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption Buffer Overflow Fireware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25290 MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-23810 MEDIUM This Month

Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection A Blog Cms
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-24709 MEDIUM PATCH This Month

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Awsui Components React
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0710 MEDIUM This Month

The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Header Footer Code Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-0683 MEDIUM PATCH This Month

The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS WordPress Essential Addons For Elementor
NVD
CVSS 3.1
6.1
EPSS
3.2%
CVE-2022-24435 MEDIUM PATCH This Month

Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpuploader
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-24374 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-23916 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0544 MEDIUM This Month

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Blender Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-24615 MEDIUM PATCH This Month

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zip4J
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-24708 MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24582 MEDIUM This Month

Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Accounting Journal Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24566 MEDIUM This Month

In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24565 MEDIUM This Month

Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-23701 MEDIUM This Month

A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Integrated Lights Out
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-25355 MEDIUM PATCH This Month

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ec Cube
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-24633 MEDIUM This Month

All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecloud
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-23655 MEDIUM PATCH This Month

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

PHP Jwt Attack Information Disclosure October
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-22349 MEDIUM PATCH This Month

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Path Traversal Sterling External Authentication Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-21179 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF E Mail Newsletter Management
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy