Skip to main content
CVE-2021-40219 HIGH POC This Week

Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Bolt Cms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
3.3%
CVE-2021-37292 HIGH POC This Week

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 4St L Bems
NVD VulDB
CVSS 3.1
7.2
EPSS
6.7%
CVE-2022-24815 HIGH POC PATCH This Week

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java SQLi Generator Jhipster
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-1316 HIGH POC PATCH This Week

Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Zerotierone
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1262 HIGH POC This Week

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dir 1360 Firmware Dir 1760 Firmware Dir 1960 Firmware Dir 2640 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-0989 HIGH POC This Week

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ns Watermark For Woocommerce
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-0920 HIGH POC This Week

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Salon Booking System
NVD WPScan
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-0828 HIGH POC This Week

The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Information Disclosure Download Manager
NVD WPScan
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27041 HIGH POC This Week

Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1023 HIGH POC PATCH This Week

The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Podcast Importer Secondline
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-1008 HIGH POC PATCH This Week

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress File Upload One Click Demo Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-1006 HIGH POC PATCH This Week

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Advanced Booking Calendar
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-22572 HIGH This Week

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Incapptic Connect
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-0999 HIGH This Week

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-24827 HIGH PATCH This Week

Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Elide
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-26413 HIGH This Week

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Zyxel Vmg3312 T20A Firmware Emg3525 T50b Firmware Emg5523 T50b Firmware +29
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2022-28779 HIGH This Week

Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Microsoft Samsung Android Usb Driver Windows Installer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28776 HIGH This Week

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Store
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28541 HIGH This Week

Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung RCE Path Traversal Update
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27843 HIGH This Week

DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kies
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27842 HIGH This Week

DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Switch Pc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27838 HIGH This Week

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Factorycamera
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27837 HIGH This Week

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google RCE Code Injection Accessibility
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-27836 HIGH This Week

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27835 HIGH This Week

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27833 HIGH This Week

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27830 HIGH This Week

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27829 HIGH This Week

Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27828 HIGH This Week

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27827 HIGH This Week

Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27826 HIGH This Week

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27578 HIGH This Week

An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Overall Equipment Effectiveness
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27528 HIGH This Week

A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Navisworks
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-26092 HIGH This Week

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25796 HIGH This Week

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-25794 HIGH This Week

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Fbx Review
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25792 HIGH This Week

A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-25791 HIGH This Week

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-25790 HIGH This Week

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-25789 HIGH This Week

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Advance Steel Autocad +8
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-22964 HIGH This Week

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Horizon
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22962 HIGH This Week

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Horizon
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27089 HIGH This Week

In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Plugfree Network
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27088 HIGH This Week

Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Dsm Remote
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-0556 HIGH This Week

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Zyxel Zyxel Ap Configurator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28893 HIGH PATCH This Week

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +12
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24839 HIGH PATCH This Week

org.cyberneko.html is an html parser written in Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nekohtml Weblogic Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-24836 HIGH PATCH This Week

Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nokogiri Fedora Debian Linux macOS
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-27844 HIGH This Week

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging - WPvivid (WordPress plugin) versions <= 0.9.70. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Migration Backup Staging
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-22257 HIGH This Week

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy