Skip to main content
CVE-2022-26263 MEDIUM POC THREAT This Month

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.7%.

XSS U8
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
37.7%
CVE-2022-0995 HIGH POC PATCH Act Now

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Linux Buffer Overflow Linux Kernel +12
NVD
CVSS 3.1
7.8
EPSS
6.2%
CVE-2022-1040 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sophos Sfos
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
CVE-2021-40904 HIGH POC This Week

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP Checkmk
NVD GitHub
CVSS 3.1
8.8
EPSS
3.8%
CVE-2021-40905 HIGH POC This Week

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Checkmk
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-25577 CRITICAL POC Act Now

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Alf Banco
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-25523 HIGH POC This Week

TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which is exploited via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Typesetter
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-1049 HIGH POC This Week

A flaw was found in the Pacemaker configuration tool (pcs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pcs Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-0435 HIGH POC PATCH THREAT This Week

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Codeready Linux Builder +28
NVD
CVSS 3.1
8.8
EPSS
68.0%
CVE-2022-1064 HIGH POC PATCH This Week

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Fork Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-27882 HIGH POC PATCH This Week

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Openbsd
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-27881 HIGH POC PATCH This Week

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Openbsd
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-24778 HIGH POC PATCH This Week

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Imgcrypt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-25590 MEDIUM POC This Month

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-27887 MEDIUM POC This Month

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27886 MEDIUM POC This Month

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27885 MEDIUM POC This Month

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27884 MEDIUM POC This Month

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26573 MEDIUM POC This Month

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Maccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24783 CRITICAL PATCH Act Now

Deno is a runtime for JavaScript and TypeScript. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deno
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2022-22995 CRITICAL Act Now

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE My Cloud Pr2100 Firmware My Cloud Pr4100 Firmware My Cloud Ex4100 Firmware My Cloud Ex2 Ultra Firmware +9
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-22274 CRITICAL POC THREAT Act Now

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Stack Overflow Buffer Overflow Sonicos +1
NVD
CVSS 3.1
9.8
EPSS
57.3%
CVE-2022-27919 CRITICAL Act Now

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-22687 CRITICAL Act Now

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology RCE Buffer Overflow Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-26197 MEDIUM POC This Month

Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist table. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Joget Dx
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25582 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Classcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0983 HIGH PATCH This Week

An SQL injection risk was identified in Badges code relating to configuring criteria. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora Extra Packages For Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22688 HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Command Injection Diskstation Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-0759 HIGH PATCH This Week

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Information Disclosure Kubeclient
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-0500 HIGH PATCH This Week

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Fedora H300E Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0330 HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +35
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-0988 HIGH PATCH This Week

Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Diaenergie
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24777 HIGH PATCH This Week

grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Grpc Swift
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-27227 HIGH PATCH This Week

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authoritative Server Recursor Fedora
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2022-26659 HIGH This Week

Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Docker Docker Desktop
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-40906 MEDIUM This Month

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Checkmk
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-27920 MEDIUM PATCH This Month

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Libkiwix Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25610 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Ajax Chat
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27906 MEDIUM This Month

Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Oftp2
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-0322 MEDIUM PATCH This Month

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Communications Cloud Native Core Binding Support Function +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-24643 MEDIUM This Month

A stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-25612 MEDIUM This Month

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Simple Event Planner
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25611 MEDIUM This Month

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Event Planner
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25606 MEDIUM This Month

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Downloadmanager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25574 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Douphp
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-0494 MEDIUM This Month

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-0897 MEDIUM This Month

A flaw was found in the libvirt nwfilter driver. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libvirt Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-24784 LOW PATCH Monitor

Statamic is a Laravel and Git powered CMS. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Statamic
NVD GitHub
CVSS 3.1
3.7
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy