Skip to main content
CVE-2022-0778 HIGH POC PATCH CISA Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux Cloud Volumes Ontap Mediator Clustered Data Ontap +9
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
7.8%
Threat
5.2
CVE-2022-25486 HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.8
EPSS
10.0%
CVE-2022-25485 HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.8
EPSS
7.9%
CVE-2022-25491 HIGH POC This Week

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-26779 HIGH POC This Week

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Information Disclosure Cloudstack
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-24756 HIGH POC PATCH This Week

Bareos is open source software for backup, archiving, and recovery of data for operating systems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Bareos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-0944 HIGH POC PATCH This Week

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ssti Code Injection Sqlpad
NVD GitHub
CVSS 3.1
7.2
EPSS
8.7%
CVE-2022-27204 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Extended Choice Parameter
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22771 HIGH This Week

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Jasperreports Library Jasperreports Server
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-24721 HIGH PATCH This Week

CometD is a scalable comet implementation for web messaging. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cometd
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-27198 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Cloudbees Aws Credentials
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-23989 HIGH This Week

In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy