Skip to main content
CVE-2022-26904 HIGH POC KEV PATCH THREAT Act Now

Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Race Condition Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +15
NVD
CVSS 3.1
7.0
EPSS
9.8%
CVE-2022-23865 CRITICAL POC Act Now

Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/Library/Catalog/winlibsrch.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Nyron
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28044 CRITICAL POC PATCH Act Now

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Irzip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-28109 HIGH POC This Week

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Selenium Grid
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-28048 HIGH POC PATCH This Week

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Stb Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28042 HIGH POC PATCH This Week

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure Stb Image H Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-29072 HIGH POC This Week

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Memory Corruption Microsoft Buffer Overflow 7 Zip
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-24279 HIGH POC PATCH This Week

The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Madlib Object Utils
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27849 HIGH POC This Week

Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Simple Ajax Chat
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2022-21159 HIGH POC PATCH This Week

A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-27043 HIGH POC This Week

Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Yearning
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2022-28345 HIGH POC This Week

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Apple Signal
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-28113 HIGH POC This Week

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mwid25 Ds Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
3.7%
CVE-2022-27369 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-27368 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27367 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27366 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27365 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20723 HIGH POC This Week

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-20719 HIGH POC This Week

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2022-20718 HIGH POC This Week

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-27474 HIGH POC THREAT This Week

SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Suitecrm
NVD GitHub
CVSS 3.1
7.2
EPSS
23.1%
CVE-2022-1365 MEDIUM POC PATCH This Month

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cross Fetch
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-28041 MEDIUM POC PATCH This Month

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Stb Image H Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-1231 MEDIUM POC PATCH This Month

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Atlassian Plantuml Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-20695 CRITICAL Act Now

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Wireless Lan Controller 8 10 151 0 Wireless Lan Controller 8 10 162 0
NVD
CVSS 3.1
10.0
EPSS
19.9%
CVE-2022-27423 CRITICAL PATCH Act Now

Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Chamilo Lms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-26809 CRITICAL Act Now

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
9.8
EPSS
91.3%
CVE-2022-24497 CRITICAL Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
9.8
EPSS
34.6%
CVE-2022-24491 CRITICAL Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
9.8
EPSS
33.5%
CVE-2022-27158 CRITICAL PATCH Act Now

pearweb < 1.32 suffers from Deserialization of Untrusted Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27157 CRITICAL PATCH Act Now

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26651 CRITICAL Act Now

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-28049 MEDIUM POC PATCH This Month

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nginx Null Pointer Dereference Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-26826 HIGH Act Now

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.2% and no vendor patch available.

Command Injection Microsoft RCE Windows 10 Windows 11 +3
NVD VulDB
CVSS 3.1
7.2
EPSS
11.2%
CVE-2022-20724 MEDIUM POC This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Cgr1000 Compute Module +3
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-26499 CRITICAL PATCH Act Now

An SSRF issue was discovered in Asterisk through 19.x. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Asterisk Debian Linux
NVD
CVSS 3.1
9.1
EPSS
7.7%
CVE-2022-26034 CRITICAL Act Now

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass B M9000 Vp Centum Vp
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-29281 HIGH This Week

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Notable
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-27426 HIGH PATCH This Week

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Chamilo Lms
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-24857 HIGH PATCH This Week

django-mfa3 is a library that implements multi factor authentication for the django web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Django Mfa3
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-24851 MEDIUM POC PATCH This Month

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Path Traversal Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-24541 HIGH This Week

Windows Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24528 HIGH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-24500 HIGH This Week

Windows SMB Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
38.0%
CVE-2022-24492 HIGH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24487 HIGH This Week

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-23259 HIGH This Week

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Dynamics 365
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-23257 HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-20714 HIGH This Week

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy