Skip to main content
CVE-2022-29528 CRITICAL POC PATCH Act Now

An issue was discovered in MISP before 2.4.158. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-26133 CRITICAL POC PATCH THREAT Act Now

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java RCE Atlassian Bitbucket Data Center
NVD GitHub
CVSS 3.1
9.8
EPSS
71.1%
CVE-2022-0540 CRITICAL POC PATCH THREAT Act Now

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Atlassian Jira Data Center Jira Server Jira Service Management
NVD GitHub
CVSS 3.1
9.8
EPSS
88.1%
CVE-2022-24860 CRITICAL POC Act Now

Databasir is a team-oriented relational database model document management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Databasir
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-24861 HIGH POC PATCH This Week

Databasir is a team-oriented relational database model document management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Databasir
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-25342 HIGH POC This Week

An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D Color Mf3555 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-29534 HIGH POC PATCH This Week

An issue was discovered in MISP before 2.4.158. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-24862 HIGH POC This Week

Databasir is a team-oriented relational database model document management platform. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Databasir
NVD GitHub
CVSS 3.1
7.7
EPSS
1.0%
CVE-2022-25343 HIGH POC This Week

An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D Color Mf3555 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29527 HIGH POC PATCH This Week

Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Race Condition Amazon Ssm Agent
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-24865 MEDIUM POC PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Humhub
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-25344 MEDIUM POC This Month

An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D Color Mf3555 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1039 CRITICAL Act Now

The weak password on the web user interface can be exploited via HTTP or HTTPS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Da50N Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-29531 MEDIUM POC PATCH This Month

An issue was discovered in MISP before 2.4.158. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29530 MEDIUM POC PATCH This Month

An issue was discovered in MISP before 2.4.158. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29529 MEDIUM POC PATCH This Month

An issue was discovered in MISP before 2.4.158. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29537 MEDIUM POC This Month

gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-0567 CRITICAL Act Now

A flaw was found in ovn-kubernetes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Ovn Kubernetes
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-29532 MEDIUM POC PATCH This Month

An issue was discovered in MISP before 2.4.158. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-27629 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Micropayments
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-24872 HIGH PATCH This Week

Shopware is an open commerce platform based on Symfony Framework and Vue. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-26516 HIGH This Week

Authorized users may install a maliciously modified package file when updating the device via the web user interface. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Da50N Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-24826 HIGH PATCH This Week

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Git Large File Storage
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2022-29536 HIGH PATCH This Week

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Epiphany Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-28327 HIGH PATCH This Week

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2022-27536 HIGH PATCH This Week

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24675 HIGH PATCH This Week

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora Kubernetes Monitoring Operator
NVD
CVSS 3.1
7.5
EPSS
10.0%
CVE-2022-29266 HIGH This Week

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apisix
NVD
CVSS 3.1
7.5
EPSS
7.8%
CVE-2022-27179 MEDIUM This Month

A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Da50N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-29533 MEDIUM PATCH This Month

An issue was discovered in MISP before 2.4.158. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24799 MEDIUM PATCH This Month

wire-webapp is the web application interface for the wire messaging service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Docker Wire Webapp
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1254 MEDIUM This Month

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Web Gateway
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24871 MEDIUM PATCH This Month

Shopware is an open commerce platform based on Symfony Framework and Vue. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Shopware
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-26519 MEDIUM This Month

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hills Comnav Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-1318 MEDIUM This Month

Hills ComNav version 3002-19 suffers from a weak communication channel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hills Comnav Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-24864 MEDIUM PATCH This Month

Origin Protocol is a blockchain based project. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Origin Website
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy