Skip to main content
CVE-2022-26613 CRITICAL POC Act Now

PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-1253 CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libde265
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-26605 HIGH POC This Week

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Eziosuite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-26250 HIGH POC This Week

Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synaman
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1240 HIGH POC PATCH This Week

Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-1238 HIGH POC PATCH This Week

Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-1237 HIGH POC PATCH This Week

Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-26607 HIGH POC This Week

A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Baigo Cms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-26251 HIGH POC This Week

The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Synaman
NVD VulDB
CVSS 3.1
7.2
EPSS
2.2%
CVE-2022-26591 HIGH POC This Week

FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Mwid25 Ds Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-26953 HIGH POC This Week

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Passport Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-26952 HIGH POC PATCH This Week

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Passport Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-1248 HIGH POC This Week

A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass SAP Sap Information System
NVD VulDB
CVSS 3.1
7.3
EPSS
1.3%
CVE-2022-1234 MEDIUM POC PATCH This Month

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24786 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-27110 MEDIUM POC This Month

OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Orangehrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27109 MEDIUM POC This Month

OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Orangehrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27107 MEDIUM POC This Month

OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangehrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-23441 CRITICAL PATCH Act Now

A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-20763 HIGH This Week

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Cisco Webex Meetings Online
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-26110 HIGH This Week

An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Htcondor Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-27108 MEDIUM POC This Month

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Orangehrm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-20774 HIGH This Week

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco CSRF Ip Phone 6871 Firmware Ip Phone 6861 Firmware +15
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-20762 HIGH This Week

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Ultra Cloud Core Subscriber Microservices Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23440 HIGH PATCH This Week

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20756 HIGH This Week

A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24822 HIGH PATCH This Week

Podium is a library for building micro frontends. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Podium Layout Podium Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-24793 HIGH PATCH This Week

PJSIP is a free and open source multimedia communication library written in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-20755 HIGH This Week

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-20754 HIGH This Week

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-22410 HIGH This Week

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watson Query
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-20665 MEDIUM This Month

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Command Injection Staros
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-20782 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-20781 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Asyncos
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-20741 MEDIUM This Month

A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Network Analytics
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-20675 MEDIUM This Month

A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asyncos
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-20784 MEDIUM This Month

A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Web Security Appliance
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-23446 MEDIUM PATCH This Month

A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Fortinet Information Disclosure Fortiedr
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-26850 MEDIUM PATCH This Month

When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Nifi
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy