Skip to main content
CVE-2022-26293 CRITICAL POC Act Now

Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Project Time Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-23812 CRITICAL POC PATCH MAL Act Now

This affects the package node-ipc from 10.1.1 and before 10.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node Ipc
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-21164 HIGH POC PATCH This Week

The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node Lmdb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0986 MEDIUM POC PATCH This Month

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-21945 MEDIUM POC This Month

A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cscreen
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-25251 CRITICAL Act Now

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-25247 CRITICAL Act Now

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Microsoft Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-0982 CRITICAL Act Now

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Accel Ppp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26295 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Project Time Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0705 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0704 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2022-0911 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-21946 MEDIUM POC This Month

A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cscreen
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-25246 HIGH This Week

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-0811 HIGH PATCH This Week

A flaw was found in CRI-O in the way it set kernel options for a pod. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Code Injection Cri O
NVD GitHub
CVSS 3.1
8.8
EPSS
18.6%
CVE-2022-27223 HIGH PATCH This Week

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager H500s Firmware +7
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-23610 HIGH This Week

wire-server provides back end services for Wire, an open source messenger. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Information Disclosure Wire Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-24729 HIGH PATCH This Week

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-26660 HIGH This Week

RunAsSpc 4.0 uses a universal and recoverable encryption key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Runasspc
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-26353 HIGH PATCH This Week

A flaw was found in the virtio-net device of QEMU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-25252 HIGH This Week

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-25250 HIGH This Week

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-25249 HIGH This Week

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-0918 HIGH PATCH This Week

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service 389 Ds Base Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
5.9%
CVE-2022-24751 HIGH PATCH This Week

Zulip is an open source group chat application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Zulip
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2022-0959 MEDIUM PATCH This Month

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF File Upload Pgadmin 4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27225 MEDIUM This Month

Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-23234 MEDIUM This Month

SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Snapcenter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-24728 MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-25248 MEDIUM This Month

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Axeda Agent Axeda Desktop Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-26354 LOW PATCH Monitor

A flaw was found in the vhost-vsock device of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
3.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy