Skip to main content
CVE-2022-0981 HIGH POC This Week

A flaw was found in Quarkus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Quarkus
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-45757 HIGH POC This Week

ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Rt Ac68U Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-22819 HIGH POC This Week

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Lpc55S66Jbd64 Firmware Lpc55S66Jbd100 Firmware Lpc55S66Jev98 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-1033 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload Crater
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-26243 HIGH POC This Week

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25268 HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Passwork
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-25267 HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-24768 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-1030 HIGH This Week

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Apple Advanced Server Access
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-24291 HIGH This Week

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-46064 HIGH This Week

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-27666 HIGH PATCH This Week

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Memory Corruption Buffer Overflow Linux Kernel Fedora +11
NVD GitHub
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-0889 HIGH This Week

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS WordPress Ninja Forms File Uploads
NVD VulDB
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-27192 HIGH This Week

The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dvs Avilys
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24757 HIGH PATCH This Week

The Jupyter Server provides the backend (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyter Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-0635 HIGH This Week

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H300s Firmware H500s Firmware H700s Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0834 HIGH This Week

The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS WordPress Amelia
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy