Skip to main content
CVE-2022-22735 HIGH POC This Week

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi CSRF WordPress Simple Quotation
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-0478 HIGH POC PATCH This Week

The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Event Manager And Tickets Selling For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-24743 HIGH POC PATCH This Week

Sylius is an open source eCommerce platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sylius
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2022-0943 HIGH POC PATCH This Week

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-24578 HIGH POC This Week

GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-24577 HIGH POC This Week

GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-24575 HIGH POC This Week

GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-22346 HIGH This Week

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Spectrum Protect Operations Center
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-20001 HIGH PATCH This Week

fish is a command line shell. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Fish Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-24740 HIGH PATCH This Week

Volto is a ReactJS-based frontend for the Plone Content Management System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Volto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22354 HIGH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Copy Data Management Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22719 HIGH PATCH This Week

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.4.52 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Http Server Debian Linux Fedora +3
NVD
CVSS 3.1
7.5
EPSS
69.8%
CVE-2022-24387 HIGH This Week

With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Smartertrack
NVD
CVSS 3.1
7.2
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy