Skip to main content
CVE-2022-24715 HIGH POC PATCH THREAT This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Icinga Web 2
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
14.7%
CVE-2022-24716 HIGH POC PATCH THREAT This Week

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Icinga Web 2
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
89.4%
CVE-2022-26314 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Forgot Password
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-26313 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Forgot Password
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-0877 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-24309 HIGH This Week

A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Mendix
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-26337 HIGH PATCH This Week

Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Trend Micro Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-24661 HIGH PATCH This Week

A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Simcenter Star Ccm Viewer
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-24408 HIGH This Week

A vulnerability has been identified in SINUMERIK MC (All versions < V1.15 SP1), SINUMERIK ONE (All versions < V6.15 SP1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sinumerik Mc Firmware Sinumerik One Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24713 HIGH PATCH This Week

regex is an implementation of regular expressions for the Rust language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Regex Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
14.5%
CVE-2022-25311 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sinec Network Management System Sinema Server
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2022-24282 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE Sinec Network Management System
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-24281 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sinec Network Management System
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2022-26319 MEDIUM PATCH This Month

An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Trend Micro Information Disclosure Portable Security
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-26317 MEDIUM This Month

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mendix
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-24739 MEDIUM PATCH This Month

alltube is an html front end for youtube-dl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

SSRF Open Redirect Alltube
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-24714 MEDIUM PATCH This Month

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Icinga Web 2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy