Skip to main content
CVE-2022-26605 HIGH POC This Week

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Eziosuite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-26250 HIGH POC This Week

Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Synaman
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1240 HIGH POC PATCH This Week

Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-1238 HIGH POC PATCH This Week

Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-1237 HIGH POC PATCH This Week

Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-26607 HIGH POC This Week

A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Baigo Cms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-26251 HIGH POC This Week

The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Synaman
NVD VulDB
CVSS 3.1
7.2
EPSS
2.2%
CVE-2022-26591 HIGH POC This Week

FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Mwid25 Ds Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-26953 HIGH POC This Week

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Passport Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-26952 HIGH POC PATCH This Week

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Passport Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-1248 HIGH POC This Week

A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass SAP Sap Information System
NVD VulDB
CVSS 3.1
7.3
EPSS
1.3%
CVE-2022-20763 HIGH This Week

A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java Cisco Webex Meetings Online
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-26110 HIGH This Week

An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Htcondor Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-20774 HIGH This Week

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco CSRF Ip Phone 6871 Firmware Ip Phone 6861 Firmware +15
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-20762 HIGH This Week

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Ultra Cloud Core Subscriber Microservices Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23440 HIGH PATCH This Week

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20756 HIGH This Week

A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24822 HIGH PATCH This Week

Podium is a library for building micro frontends. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Podium Layout Podium Proxy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-24793 HIGH PATCH This Week

PJSIP is a free and open source multimedia communication library written in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-20755 HIGH This Week

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-20754 HIGH This Week

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-22410 HIGH This Week

IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Watson Query
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy