Skip to main content
CVE-2022-0860 CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Cobbler Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2022-0871 CRITICAL POC PATCH Act Now

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gogs
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-25510 HIGH POC PATCH This Week

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Freetakserver Ui
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-25216 HIGH POC THREAT This Week

An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal 12 Player Playerfab
NVD
CVSS 3.1
7.5
EPSS
13.8%
CVE-2022-0853 HIGH POC This Week

A flaw was found in JBoss-client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Descision Manager Jboss Enterprise Application Platform Jboss Enterprise Application Platform Expansion Pack Process Automation +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-0913 HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-25512 HIGH POC This Week

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freetakserver Ui
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25508 HIGH POC PATCH This Week

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Freetakserver Ui
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-0921 MEDIUM POC PATCH This Month

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Microweber
NVD GitHub
CVSS 3.1
6.7
EPSS
2.1%
CVE-2022-0932 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Saleor
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-25511 MEDIUM POC This Month

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freetakserver Ui
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-25506 MEDIUM POC This Month

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Freetakserver Ui
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-0821 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Orchardcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-44620 CRITICAL Act Now

A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A3100R Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-0820 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Orchardcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24754 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-25621 CRITICAL Act Now

UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Univerge Wa1020 Firmware Univerge Wa1510 Firmware Univerge Wa1511 Firmware Univerge Wa1512 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-23730 CRITICAL Act Now

The public API error causes for the attacker to be able to bypass API access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webos
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24433 CRITICAL PATCH Act Now

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Simple Git
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-23402 CRITICAL Act Now

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Centum Vp Firmware Centum Vp Entry Firmware Exaopc
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-21194 CRITICAL Act Now

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Centum Vp Firmware Centum Vp Entry Firmware Exaopc
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-0924 MEDIUM POC PATCH This Month

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0909 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Debian Linux Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0908 MEDIUM POC PATCH This Month

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-0907 MEDIUM POC This Month

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0928 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
2.4%
CVE-2022-26874 MEDIUM POC PATCH This Month

lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Horde Mime Viewer Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-0822 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Orchardcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25507 MEDIUM POC This Month

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Freetakserver Ui
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25839 MEDIUM POC PATCH This Month

The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Url Js
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-0870 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Gogs
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2022-25600 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Wp Maps Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-0912 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-22729 HIGH This Week

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Centum Cs 3000 Firmware Centum Cs 3000 Entry Firmware Centum Vp Firmware Centum Vp Entry Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-21808 HIGH This Week

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Centum Cs 3000 Firmware Centum Cs 3000 Entry Firmware Centum Vp Firmware Centum Vp Entry Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-23934 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23933 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23932 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23931 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23930 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23929 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23928 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23927 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23926 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23925 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-23924 HIGH This Week

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE HP Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-22151 HIGH This Week

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Centum Cs 3000 Firmware Centum Cs 3000 Entry Firmware Centum Vp Firmware Centum Vp Entry Firmware +1
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-22145 HIGH This Week

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Centum Cs 3000 Firmware Centum Cs 3000 Entry Firmware Centum Vp Firmware Centum Vp Entry Firmware +1
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-21177 HIGH This Week

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Centum Cs 3000 Firmware Centum Cs 3000 Entry Firmware Centum Vp Firmware Centum Vp Entry Firmware +1
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-24421 HIGH This Week

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Buffer Overflow Alienware 13 R3 Firmware Alienware 15 R3 Firmware +44
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy