Skip to main content
CVE-2022-22948 MEDIUM POC KEV PATCH THREAT Act Now

The vCenter Server contains an information disclosure vulnerability due to improper permission of files.

NVD
CVSS 3.1
6.5
EPSS
28.8%
Threat
7.2
CVE-2022-23901 CRITICAL POC Act Now

A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Re2C
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25420 CRITICAL POC Act Now

NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Goo Blog
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-1055 HIGH POC PATCH This Week

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. Rated high severity (CVSS 8.6). Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +11
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2022-1032 HIGH POC PATCH This Week

Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Crater
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-24956 MEDIUM POC This Month

An issue was discovered in Shopware B2B-Suite through 4.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi B2B Suite
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-25521 CRITICAL Act Now

NUUO v03.11.00 was discovered to contain access control issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Network Video Recorder Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-26871 CRITICAL KEV PATCH THREAT Act Now

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE File Upload Trend Micro Apex Central Apex One
NVD
CVSS 3.1
9.8
EPSS
19.6%
CVE-2022-27175 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26887 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-26836 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26667 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26666 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26514 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26349 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26338 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26069 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26065 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26059 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26013 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2022-25980 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25880 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-0923 CRITICAL Act Now

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-1084 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass One Church Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1083 CRITICAL Act Now

A vulnerability classified as critical has been found in Microfinance Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Microfinance Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1082 CRITICAL Act Now

A vulnerability was found in SourceCodester Microfinance Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Microfinance Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1080 CRITICAL Act Now

A vulnerability was found in SourceCodester One Church Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi One Church Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-1078 CRITICAL Act Now

A vulnerability was found in SourceCodester College Website Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi College Website Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-1073 CRITICAL Act Now

A vulnerability was found in Automatic Question Paper Generator 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Automatic Question Paper Generator System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23903 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pear Admin Think
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1087 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-1086 MEDIUM POC This Month

A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolphinphp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24957 MEDIUM POC This Month

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eqms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-22941 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-22936 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-22934 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-1050 HIGH PATCH This Week

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

VMware Memory Corruption Use After Free Information Disclosure Qemu
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-28150 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Job And Node Ownership
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-28136 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Jiratestresultreporter
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-23059 MEDIUM POC PATCH This Month

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Shopizer
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-26269 MEDIUM POC This Month

Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Suzuki Connect
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-28155 HIGH This Week

Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Pipeline
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-28154 HIGH This Week

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Coverage Complexity Scatter Plot
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-28140 HIGH PATCH This Week

Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Flaky Test Handler
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-21821 HIGH This Week

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Cuda Toolkit
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2022-26839 HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Diaenergie
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0343 HIGH PATCH This Week

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Perfetto
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25347 HIGH This Week

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
7.5
EPSS
11.1%
CVE-2022-28142 HIGH PATCH This Week

Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Proxmox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1077 HIGH This Week

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Flex 1085 Firmware Flex 1080 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy