Skip to main content
CVE-2022-26904 HIGH POC KEV PATCH THREAT Act Now

Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Race Condition Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 +15
NVD
CVSS 3.1
7.0
EPSS
9.8%
CVE-2022-28109 HIGH POC This Week

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Selenium Grid
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-28048 HIGH POC PATCH This Week

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Stb Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28042 HIGH POC PATCH This Week

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure Stb Image H Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-29072 HIGH POC This Week

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Memory Corruption Microsoft Buffer Overflow 7 Zip
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-24279 HIGH POC PATCH This Week

The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Madlib Object Utils
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27849 HIGH POC This Week

Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat (WordPress plugin) <= 20220115. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Simple Ajax Chat
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2022-21159 HIGH POC PATCH This Week

A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-27043 HIGH POC This Week

Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Yearning
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2022-28345 HIGH POC This Week

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Apple Signal
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-28113 HIGH POC This Week

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mwid25 Ds Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
3.7%
CVE-2022-27369 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-27368 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Lists.php_zhuan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27367 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Topic.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27366 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the component dance_Dance.php_hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-27365 HIGH POC This Week

Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component dance_Dance.php_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20723 HIGH POC This Week

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-20719 HIGH POC This Week

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2022-20718 HIGH POC This Week

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
2.3%
CVE-2022-27474 HIGH POC THREAT This Week

SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Suitecrm
NVD GitHub
CVSS 3.1
7.2
EPSS
23.1%
CVE-2022-26826 HIGH Act Now

Windows DNS Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.2% and no vendor patch available.

Command Injection Microsoft RCE Windows 10 Windows 11 +3
NVD VulDB
CVSS 3.1
7.2
EPSS
11.2%
CVE-2022-29281 HIGH This Week

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Notable
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-27426 HIGH PATCH This Week

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF Chamilo Lms
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-24857 HIGH PATCH This Week

django-mfa3 is a library that implements multi factor authentication for the django web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Django Mfa3
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-24541 HIGH This Week

Windows Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24528 HIGH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-24500 HIGH This Week

Windows SMB Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
38.0%
CVE-2022-24492 HIGH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24487 HIGH This Week

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-23259 HIGH This Week

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Dynamics 365
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-23257 HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-20714 HIGH This Week

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Ios Xr
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2022-20697 HIGH This Week

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2022-20683 HIGH This Week

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2022-20682 HIGH This Week

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-24473 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
2.4%
CVE-2022-26919 HIGH This Week

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2022-24545 HIGH This Week

Windows Kerberos Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2022-24539 HIGH This Week

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2022-24490 HIGH This Week

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
8.1
EPSS
3.0%
CVE-2022-24533 HIGH This Week

Remote Desktop Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
8.0
EPSS
5.3%
CVE-2022-24472 HIGH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2022-26901 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Excel Excel Rt +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-26795 HIGH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows Server 2016 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-26918 HIGH This Week

Windows Fax Compose Form Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-26917 HIGH This Week

Windows Fax Compose Form Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2022-26916 HIGH This Week

Windows Fax Compose Form Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-26914 HIGH This Week

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 10 Windows 11 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-26903 HIGH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Excel Excel Mobile Powerpoint +13
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2022-26810 HIGH This Week

Windows File Server Resource Management Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy