Skip to main content
CVE-2022-0919 MEDIUM POC This Month

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Salon Booking System
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-27577 CRITICAL Act Now

The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Msc800 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-26099 CRITICAL Act Now

Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Null Pointer Dereference Android
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-0246 MEDIUM POC This Month

The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Iq Block Country
NVD WPScan
CVSS 3.1
4.9
EPSS
3.3%
CVE-2022-22572 HIGH This Week

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Incapptic Connect
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-0999 HIGH This Week

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-0969 MEDIUM POC PATCH This Month

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Image Optimization Lazy Load By Optimole
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-0840 MEDIUM POC This Month

The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Social Icons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0728 MEDIUM POC This Month

The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Smooth Scroll Links
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1193 MEDIUM POC This Month

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-24827 HIGH PATCH This Week

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Elide
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-26413 HIGH This Week

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Zyxel Vmg3312 T20A Firmware Emg3525 T50b Firmware Emg5523 T50b Firmware +29
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2022-28779 HIGH This Week

Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Microsoft Samsung Android Usb Driver Windows Installer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28776 HIGH This Week

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Store
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28541 HIGH This Week

Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung RCE Path Traversal Update
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27843 HIGH This Week

DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kies
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27842 HIGH This Week

DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Switch Pc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27838 HIGH This Week

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Factorycamera
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27837 HIGH This Week

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE Code Injection Accessibility
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-27836 HIGH This Week

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27835 HIGH This Week

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27833 HIGH This Week

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27830 HIGH This Week

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27829 HIGH This Week

Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27828 HIGH This Week

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27827 HIGH This Week

Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27826 HIGH This Week

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27578 HIGH This Week

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Overall Equipment Effectiveness
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27528 HIGH This Week

A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Navisworks
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-26092 HIGH This Week

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25796 HIGH This Week

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-25794 HIGH This Week

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Fbx Review
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25792 HIGH This Week

A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-25791 HIGH This Week

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-25790 HIGH This Week

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-25789 HIGH This Week

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Advance Steel Autocad +8
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-22964 HIGH This Week

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Horizon
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22962 HIGH This Week

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Horizon
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27089 HIGH This Week

In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Plugfree Network
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27088 HIGH This Week

Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Dsm Remote
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-0556 HIGH This Week

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Zyxel Zyxel Ap Configurator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28893 HIGH PATCH This Week

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +12
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24839 HIGH PATCH This Week

org.cyberneko.html is an html parser written in Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nekohtml Weblogic Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-24836 HIGH PATCH This Week

Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nokogiri Fedora Debian Linux macOS
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-27844 HIGH This Week

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging - WPvivid (WordPress plugin) versions <= 0.9.70. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Migration Backup Staging
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-22257 HIGH This Week

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-22256 HIGH This Week

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22255 HIGH This Week

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22254 HIGH This Week

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22253 HIGH This Week

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.3%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy