Skip to main content
CVE-2022-23277 HIGH POC THREAT Act Now

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
40.8%
CVE-2022-24734 HIGH POC PATCH THREAT Act Now

MyBB is a free and open source forum software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Code Injection Mybb
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
77.7%
CVE-2022-0482 CRITICAL POC PATCH THREAT Act Now

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Easyappointments
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
38.1%
CVE-2022-0896 HIGH POC PATCH This Week

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Ssti Information Disclosure Microweber
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-25943 HIGH POC This Week

The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Wps Office
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-24741 MEDIUM POC PATCH This Month

Nextcloud server is an open source, self hosted cloud style services platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-0881 MEDIUM POC PATCH This Month

Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Peertube
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-22806 CRITICAL Act Now

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smt Series 1015 Ups Firmware Smc Series 1018 Ups Firmware Smtl Series 1026 Ups Firmware Scl Series 1029 Ups Firmware +4
NVD
CVSS 3.1
9.8
EPSS
12.3%
CVE-2022-22805 CRITICAL Act Now

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Smt Series 1015 Ups Firmware Smc Series 1018 Ups Firmware Smtl Series 1026 Ups Firmware +5
NVD
CVSS 3.1
9.8
EPSS
11.7%
CVE-2022-0715 CRITICAL Act Now

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smt Series 1015 Ups Firmware Smc Series 1018 Ups Firmware Smtl Series 1026 Ups Firmware Scl Series 1029 Ups Firmware +29
NVD VulDB
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-24732 HIGH PATCH This Week

Maddy Mail Server is an open source SMTP compatible email server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Maddy
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-24508 HIGH This Week

Win32 File Enumeration Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows Server Windows Server 2022
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-23294 HIGH This Week

Windows Event Tracing Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-23285 HIGH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
25.7%
CVE-2022-21990 HIGH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
8.8
EPSS
18.8%
CVE-2022-24457 HIGH This Week

HEIF Image Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Heif Image Extension
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2022-23282 HIGH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Paint 3D
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-24451 HIGH This Week

VP9 Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vp9 Video Extensions
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-24469 HIGH This Week

Azure Site Recovery Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2022-24510 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-24509 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-24461 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-24501 HIGH This Week

VP9 Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vp9 Video Extensions
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-24507 HIGH This Week

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +3
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2022-24459 HIGH This Week

Windows Fax and Scan Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24456 HIGH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-24455 HIGH This Week

Windows CD-ROM Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-24454 HIGH This Week

Windows Security Support Provider Interface Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24453 HIGH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-24452 HIGH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-23301 HIGH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-23300 HIGH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Raw Image Extension
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-23299 HIGH This Week

Windows PDEV Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
7.6%
CVE-2022-23296 HIGH This Week

Windows Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-23295 HIGH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Raw Image Extension
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-23293 HIGH This Week

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-23291 HIGH This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-23290 HIGH This Week

Windows Inking COM Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-23266 HIGH This Week

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Defender For Iot
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-22007 HIGH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-22006 HIGH This Week

HEVC Video Extensions Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hevc Video Extensions
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-24464 HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-24748 HIGH PATCH This Week

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

PHP Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24520 HIGH This Week

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Azure Site Recovery
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-24517 HIGH This Week

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Azure Site Recovery
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-24471 HIGH This Week

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Azure Site Recovery
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-24470 HIGH This Week

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Azure Site Recovery
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-24468 HIGH This Week

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Azure Site Recovery
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-24467 HIGH This Week

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Azure Site Recovery
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-23284 HIGH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
7.2
EPSS
3.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy