Skip to main content
CVE-2022-25017 HIGH POC THREAT This Week

Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Chita Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
29.1%
CVE-2022-21947 HIGH This Week

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rancher Desktop
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-25159 HIGH This Week

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fx5Uc Firmware Fx5Uc 32Mr Ds Ts Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware +12
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2022-25156 HIGH This Week

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fx5Uc Firmware Fx5Uc 32Mr Ds Ts Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware +12
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-25155 HIGH This Week

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Fx5Uc Firmware Fx5Uc 32Mr Ds Ts Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware +12
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2022-26419 HIGH This Week

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Cx Position
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2022-26417 HIGH This Week

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free Cx Position
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-26022 HIGH This Week

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cx Position
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-25959 HIGH This Week

Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Cx Position
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-1098 HIGH This Week

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Diaenergie
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24426 HIGH PATCH This Week

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Alienware Update Command Update Update
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0425 HIGH This Week

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2022-1068 HIGH PATCH This Week

Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Modbus Slave
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-0741 HIGH This Week

Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-22332 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22327 HIGH This Week

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-1159 HIGH This Week

Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell RCE Code Injection Controllogix 5580 Firmware Guardlogix 5580 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2022-23155 HIGH PATCH This Week

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Dell File Upload Wyse Management Suite
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-22331 HIGH PATCH This Week

IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Partner Engagement Manager
NVD
CVSS 3.1
7.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy