Skip to main content
CVE-2022-24842 HIGH POC PATCH This Week

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-28213 HIGH POC THREAT This Week

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
12.5%
CVE-2022-27418 HIGH POC This Week

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-27416 HIGH POC This Week

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcpreplay
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-27387 HIGH POC This Week

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-27386 HIGH POC This Week

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27385 HIGH POC This Week

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-27384 HIGH POC This Week

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27383 HIGH POC This Week

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-27382 HIGH POC This Week

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27381 HIGH POC This Week

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27380 HIGH POC This Week

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27379 HIGH POC This Week

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27378 HIGH POC This Week

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-27377 HIGH POC This Week

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27376 HIGH POC This Week

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27261 HIGH POC This Week

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Express Fileupload
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-21803 HIGH POC PATCH This Week

This affects the package nconf before 0.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Nconf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-29050 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over FTP Plugin 1.16 and earlier allows attackers to connect to an FTP server using attacker-specified credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Publish Over Ftp
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-24812 HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Grafana
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2022-28661 HIGH PATCH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Simcenter Femap
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-25754 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Siemens CSRF Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-25753 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Siemens Stack Overflow Buffer Overflow Scalance X302 7Eec Firmware +22
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-22549 HIGH This Week

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-0141 HIGH This Week

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Visual Form Builder
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-24767 HIGH PATCH This Week

GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022 +1
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-24765 HIGH This Week

Git for Windows is a fork of Git containing Windows-specific patches. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git Fedora Xcode +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-24411 HIGH This Week

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24383 HIGH PATCH This Week

The affected product is vulnerable to an out-of-bounds read, which may result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Information Disclosure Alpha5 Smart Loader Firmware
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-21228 HIGH PATCH This Week

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Stack Overflow Buffer Overflow Alpha5 Smart Loader Firmware
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-21214 HIGH PATCH This Week

The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow Alpha5 Smart Loader Firmware
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-28663 HIGH PATCH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-23448 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Simatic Energy Manager Basic Simatic Energy Manager Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24412 HIGH This Week

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24070 HIGH This Week

Subversion's mod_dav_svn is vulnerable to memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow Subversion Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
9.3%
CVE-2022-23161 HIGH PATCH This Week

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22562 HIGH PATCH This Week

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22559 HIGH PATCH This Week

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-28773 HIGH This Week

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Web Dispatcher
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-28772 HIGH This Week

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow SAP Netweaver +1
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27669 HIGH This Week

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Java Netweaver Application Server For Java
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-27667 HIGH This Week

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-23703 HIGH This Week

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nimbleos
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-21155 HIGH This Week

A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scada Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28328 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Siemens Scalance W1788 2Ia M12 Firmware Scalance W1788 2 M12 Firmware Scalance W1788 2 Eec M12 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-27480 HIGH PATCH This Week

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Sicam A8000 Cp 8031 Firmware Sicam A8000 Cp 8050 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-27241 HIGH PATCH This Week

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mendix
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-27194 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Simatic Pcs Neo Sinetplan Totally Integrated Automation Portal
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-26380 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Siemens Buffer Overflow Information Disclosure Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware +21
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-26335 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
7.5
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy