Skip to main content
CVE-2022-29457 HIGH POC This Week

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Microsoft Information Disclosure Manageengine Adaudit Plus Manageengine Admanager Plus +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
7.9%
CVE-2022-1381 HIGH POC PATCH This Week

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
3.1%
CVE-2022-1341 HIGH POC PATCH This Week

An issue was discovered in in bwm-ng v0.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Bwm Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26665 HIGH POC This Week

An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Odyssey Portal
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-1037 HIGH POC This Week

The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Exmage
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-0661 HIGH POC THREAT This Week

The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Code Injection WordPress PHP +1
NVD WPScan
CVSS 3.1
7.2
EPSS
40.2%
CVE-2022-29458 HIGH POC This Week

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ncurses macOS Debian Linux
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2022-27908 HIGH PATCH This Week

Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Zoho SQLi Manageengine Opmanager
NVD
CVSS 3.1
8.8
EPSS
37.7%
CVE-2022-24841 HIGH PATCH This Week

fleetdm/fleet is an open source device management, built on osquery. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Fleet
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-23976 HIGH This Week

Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Access Demo Importer
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-27530 HIGH This Week

A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-27529 HIGH This Week

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Advance Steel Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-27526 HIGH This Week

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Design Review
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-27525 HIGH This Week

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Design Review
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-24863 HIGH PATCH This Week

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Http Swagger
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy