Skip to main content
CVE-2022-22960 HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
7.8
EPSS
37.2%
CVE-2022-22957 HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD GitHub
CVSS 3.1
7.2
EPSS
23.1%
CVE-2022-24844 HIGH POC PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PostgreSQL Gin Vue Admin
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1347 HIGH POC PATCH This Week

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation XSS Organizr
NVD GitHub
CVSS 3.1
8.4
EPSS
1.2%
CVE-2022-28052 HIGH POC This Week

Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Roothub
NVD GitHub
CVSS 3.1
8.0
EPSS
2.4%
CVE-2022-1339 HIGH POC PATCH This Week

SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Pimcore
NVD GitHub
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-24828 HIGH PATCH This Week

Composer is a dependency manager for the PHP programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP RCE Composer Tenable Sc Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-25797 HIGH This Week

A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Dwg Trueview
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25795 HIGH This Week

A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Autocad
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-29156 HIGH PATCH This Week

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel H300E Firmware H300s Firmware +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24843 HIGH PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gin Vue Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-24847 HIGH PATCH This Week

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE Geoserver
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-24818 HIGH PATCH This Week

GeoTools is an open source Java library that provides tools for geospatial data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Java RCE Geotools
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-22958 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2022-26151 HIGH This Week

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Citrix Xenmobile Server
NVD
CVSS 3.1
7.2
EPSS
7.6%
CVE-2022-27524 HIGH This Week

An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dwg Trueview
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2022-27523 HIGH This Week

A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dwg Trueview
NVD
CVSS 3.1
7.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy