Skip to main content
CVE-2022-0865 MEDIUM POC This Month

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-0856 MEDIUM POC This Month

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libcaca Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-41657 MEDIUM POC This Month

SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collaborator
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-26101 MEDIUM POC This Month

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fiori Launchpad
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-24608 MEDIUM POC This Month

Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Luocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24399 MEDIUM POC This Month

The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Focused Run
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-24177 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aleph 500
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-26520 CRITICAL PATCH Act Now

In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Information Disclosure Postgresql Jdbc Driver Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-26131 CRITICAL Act Now

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plc4Trucks Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26100 CRITICAL Act Now

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sapcar
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25818 CRITICAL Act Now

Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-22814 CRITICAL Act Now

The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Myasus
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-0890 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mruby
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-23383 CRITICAL Act Now

YzmCMS v6.3 is affected by broken access control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yzmcms
NVD VulDB
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-25215 MEDIUM POC This Month

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-25922 CRITICAL Act Now

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Plc4Trucks Firmware
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-22795 CRITICAL Act Now

Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XXE Manager Agents
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-26846 HIGH PATCH This Week

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Spip Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24915 HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ipdio Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-22985 HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ipdio Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0507 HIGH This Week

Found a potential security vulnerability inside the Pandora API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-0906 MEDIUM POC PATCH This Month

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-24618 HIGH This Week

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Heimdal Premium Security
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24750 HIGH PATCH This Week

UltraVNC is a free and open source remote pc access software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Ultravnc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25815 HIGH This Week

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25814 HIGH This Week

PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25325 HIGH This Week

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-25294 HIGH This Week

Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Apple Insider Threat Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25234 HIGH This Week

Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Information Disclosure Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-25230 HIGH This Week

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-24960 HIGH This Week

A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Microsoft Pdftron
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24931 HIGH This Week

Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-24928 HIGH This Week

Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-24286 HIGH This Week

Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Quickaccess
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24285 HIGH This Week

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Care Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-21219 HIGH This Week

Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-21124 HIGH This Week

Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Information Disclosure Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-20054 HIGH This Week

In ims service, there is a possible AT command injection due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Command Injection Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20053 HIGH This Week

In ims service, there is a possible escalation of privilege due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20048 HIGH This Week

In video decoder, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20047 HIGH This Week

In video decoder, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-0516 HIGH PATCH This Week

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-24726 HIGH PATCH This Week

Istio is an open platform to connect, manage, and secure microservices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-26662 HIGH PATCH This Week

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Proteus Trytond Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-26311 HIGH This Week

Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Cloud Native Operator
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-0903 HIGH This Week

A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Mattermost Buffer Overflow Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-0813 HIGH PATCH This Week

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phpmyadmin
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0725 HIGH This Week

A flaw was found in keepass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-0618 HIGH This Week

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Http 2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0815 HIGH This Week

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Webadvisor
NVD
CVSS 3.1
7.3
EPSS
1.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy