Skip to main content
CVE-2022-0492 HIGH POC KEV PATCH THREAT Act Now

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Linux Authentication Bypass
NVD VulDB
CVSS 3.1
7.8
EPSS
5.2%
Threat
4.7
CVE-2022-25089 CRITICAL POC THREAT Emergency

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Privilege Escalation Printix
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
18.6%
Threat
4.0
CVE-2022-22947 CRITICAL POC KEV PATCH THREAT Act Now

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Code Injection Spring Cloud Gateway Commerce Guided Search +8
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
98.3%
CVE-2022-0265 CRITICAL POC PATCH Act Now

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Hazelcast
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-24724 CRITICAL POC Act Now

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Cmark Gfm Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-25125 CRITICAL POC Act Now

MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-23899 CRITICAL POC Act Now

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-23898 CRITICAL POC Act Now

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
7.7%
CVE-2022-0841 CRITICAL POC PATCH Act Now

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Node.js Npm Lockfile
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-22909 HIGH POC THREAT This Week

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Hoteldruid
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
45.4%
CVE-2022-26129 HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-26128 HIGH POC This Week

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-26127 HIGH POC This Week

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-26126 HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-26125 HIGH POC This Week

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-21716 HIGH POC PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python Twisted Debian Linux Http Server +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2022-23648 HIGH POC PATCH THREAT This Week

containerd is a container runtime available as a daemon for Linux and Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Microsoft Information Disclosure Containerd Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
27.4%
CVE-2022-0528 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Uppy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-23052 MEDIUM POC This Month

PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Petereport
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-0753 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0730 CRITICAL Act Now

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cacti Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-24725 MEDIUM POC PATCH This Month

Shescape is a shell escape package for JavaScript. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Shescape
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-23051 MEDIUM POC This Month

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Petereport
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25138 MEDIUM POC This Month

Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Suite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24563 MEDIUM POC This Month

In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Genixcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-24723 MEDIUM POC PATCH This Month

URI.js is a Javascript URL mutation library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Uri Js
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-22700 MEDIUM POC This Month

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-42950 HIGH This Week

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zepl
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-25220 MEDIUM POC This Month

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Petereport
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-25471 HIGH This Week

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-25031 HIGH This Week

Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Remote Desktop Commander Suite Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22706 HIGH POC KEV THREAT This Week

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-22943 MEDIUM This Month

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

VMware Microsoft Information Disclosure Tools
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2022-23849 MEDIUM This Month

The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Password Hub
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2021-38263 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Liferay Portal Digital Experience Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38264 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24573 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Http Commander
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23710 MEDIUM This Month

A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kibana
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-38269 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Liferay Portal Digital Experience Platform
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38267 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38265 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25146 MEDIUM PATCH This Month

The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23709 MEDIUM This Month

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Kibana
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-23708 MEDIUM PATCH This Month

A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Elastic Elasticsearch
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy