Skip to main content
CVE-2022-0237 HIGH POC This Week

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Insight Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-26526 HIGH POC This Week

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anaconda3 Miniconda3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-21221 HIGH POC PATCH This Week

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Path Traversal Fasthttp
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-25514 HIGH POC This Week

stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stb Truetype H
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-26534 HIGH POC This Week

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fisco Bcos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-26300 HIGH POC This Week

EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Eos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25296 HIGH POC This Week

The package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Bodymen
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2022-0757 HIGH This Week

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nexpose
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-26504 HIGH This Week

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Microsoft Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-26500 HIGH KEV THREAT This Week

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2022-24770 HIGH PATCH This Week

`gradio` is an open source framework for building interactive machine learning models and demos. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gradio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-25364 HIGH This Week

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Enterprise
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-26511 HIGH This Week

WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wps Presentation
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-26081 HIGH This Week

The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-25969 HIGH This Week

The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-25949 HIGH This Week

The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Internet Security 9 Plus
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-26503 HIGH This Week

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Microsoft Veeam
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-21822 HIGH PATCH This Week

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nvidia Federated Learning Application Runtime Environment
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24761 HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling Waitress Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-24759 HIGH PATCH This Week

`@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Js Libp2P Noise
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-24073 HIGH This Week

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy