Skip to main content
CVE-2022-24707 HIGH POC PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Time Tracker
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.2%
CVE-2022-24232 HIGH POC This Week

A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-25636 HIGH POC PATCH This Week

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Buffer Overflow Linux Kernel Debian Linux +11
NVD GitHub
CVSS 3.1
7.8
EPSS
2.6%
CVE-2022-25101 HIGH POC This Week

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wbce Cms
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25099 HIGH POC This Week

A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wbce Cms
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25149 HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.1
7.5
EPSS
78.0%
CVE-2022-0651 HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.1
7.5
EPSS
33.0%
CVE-2022-25401 HIGH POC This Week

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-25104 HIGH POC This Week

HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Horizontcms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25331 HIGH POC PATCH This Week

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Trend Micro Serverprotect Serverprotect For Network Appliance Filer Serverprotect For Storage
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2022-23043 HIGH POC PATCH This Week

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Zenario
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-25360 HIGH This Week

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard File Upload Fireware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-25293 HIGH This Week

A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-25292 HIGH This Week

A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-25291 HIGH This Week

An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Integer Overflow RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-24407 HIGH PATCH This Week

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cyrus Sasl Debian Linux Fedora Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2022-23176 HIGH KEV THREAT This Week

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2022-24610 HIGH This Week

Settings/network settings/wireless settings on the Alecto DVC-215IP camera version 63.1.1.173 and below shows the Wi-Fi passphrase hidden, but by editing/removing the style of the password field the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dvc 215Ip Firmware
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2022-21824 HIGH PATCH This Week

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Node Js Mysql Cluster Mysql Connectors +8
NVD
CVSS 3.1
8.2
EPSS
21.5%
CVE-2022-25838 HIGH PATCH This Week

Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortify
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-23922 HIGH This Week

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Win 911 2021 R1 Win 911 2021 R2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23104 HIGH This Week

WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Win 911 2021 R1 Win 911 2021 R2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0546 HIGH PATCH This Week

A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow RCE Buffer Overflow Blender +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-0545 HIGH PATCH This Week

An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Blender Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-24680 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24679 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24671 HIGH This Week

A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-22793 HIGH This Week

Cybonet - PineApp Mail Relay Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Pineapp Mail Secure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-0732 HIGH This Week

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Copy9 Exactspy Fonetracker Guestspy +5
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-25640 HIGH PATCH This Week

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-23986 HIGH PATCH This Week

SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated attacker to obtain the information in the database via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Phpuploader
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-24678 HIGH PATCH This Week

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.5
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy