Skip to main content
CVE-2022-22956 CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD GitHub
CVSS 3.1
9.8
EPSS
50.7%
CVE-2022-22960 HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
7.8
EPSS
37.2%
CVE-2022-22957 HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD GitHub
CVSS 3.1
7.2
EPSS
23.1%
CVE-2022-24816 CRITICAL POC KEV PATCH THREAT Act Now

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Jai Ext
NVD GitHub
CVSS 3.1
10.0
EPSS
98.7%
CVE-2022-24845 CRITICAL POC PATCH Act Now

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Vyper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-1345 CRITICAL POC PATCH Act Now

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Information Disclosure Organizr
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-1346 CRITICAL POC PATCH Act Now

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Information Disclosure Organizr
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-1344 CRITICAL POC PATCH Act Now

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Information Disclosure Organizr
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-24844 HIGH POC PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PostgreSQL Gin Vue Admin
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1347 HIGH POC PATCH This Week

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation XSS Organizr
NVD GitHub
CVSS 3.1
8.4
EPSS
1.2%
CVE-2022-28052 HIGH POC This Week

Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Roothub
NVD GitHub
CVSS 3.1
8.0
EPSS
2.4%
CVE-2022-1339 HIGH POC PATCH This Week

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Pimcore
NVD GitHub
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-27256 MEDIUM POC PATCH This Month

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Open Redirect Hubzilla
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-27479 CRITICAL PATCH Act Now

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-24788 CRITICAL PATCH Act Now

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-22955 CRITICAL PATCH Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-26643 MEDIUM POC This Month

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easyio Cpt Graphics
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-24828 HIGH PATCH This Week

Composer is a dependency manager for the PHP programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP RCE Composer Tenable Sc Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-25797 HIGH This Week

A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Dwg Trueview
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25795 HIGH This Week

A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Autocad
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-29156 HIGH PATCH This Week

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel H300E Firmware H300s Firmware +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24843 HIGH PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gin Vue Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-24847 HIGH PATCH This Week

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE Geoserver
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-24818 HIGH PATCH This Week

GeoTools is an open source Java library that provides tools for geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Java RCE Geotools
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-22958 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2022-26151 HIGH This Week

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Citrix Xenmobile Server
NVD
CVSS 3.1
7.2
EPSS
7.6%
CVE-2022-27524 HIGH This Week

An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dwg Trueview
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2022-27523 HIGH This Week

A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dwg Trueview
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2022-1337 MEDIUM PATCH This Month

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1333 MEDIUM This Month

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost Playbooks
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26589 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pluck
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1280 MEDIUM This Month

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. Rated medium severity (CVSS 6.3). No vendor patch available.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +1
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2022-27505 MEDIUM This Month

Reflected cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sd Wan 110 Firmware Sd Wan 210 Firmware Sd Wan 400 Firmware Sd Wan 410 Firmware +8
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27503 MEDIUM PATCH This Month

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Citrix Storefront Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26144 MEDIUM PATCH This Month

An XSS issue was discovered in MantisBT before 2.25.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS Mantisbt
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-27475 MEDIUM PATCH This Month

Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP RCE XSS Hotel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0023 MEDIUM This Month

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-0221 MEDIUM This Month

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Scadapack Workbench
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-24308 MEDIUM This Month

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Automox
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22961 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22279 MEDIUM This Month

A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sra 1200 Firmware Sra 4200 Firmware Sma 210 Firmware Sma 410 Firmware +1
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2022-27847 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yoo Slider
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-27846 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yoo Slider
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-22959 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1332 MEDIUM PATCH This Month

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-27506 LOW Monitor

Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sd Wan 110 Firmware Sd Wan 210 Firmware Sd Wan 400 Firmware Sd Wan 410 Firmware +10
NVD
CVSS 3.1
2.7
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy