Skip to main content
CVE-2022-24861 HIGH POC PATCH This Week

Databasir is a team-oriented relational database model document management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Databasir
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-25342 HIGH POC This Week

An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D Color Mf3555 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-29534 HIGH POC PATCH This Week

An issue was discovered in MISP before 2.4.158. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-24862 HIGH POC This Week

Databasir is a team-oriented relational database model document management platform. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Databasir
NVD GitHub
CVSS 3.1
7.7
EPSS
1.0%
CVE-2022-25343 HIGH POC This Week

An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D Color Mf3555 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29527 HIGH POC PATCH This Week

Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Race Condition Amazon Ssm Agent
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-27629 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Micropayments
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-24872 HIGH PATCH This Week

Shopware is an open commerce platform based on Symfony Framework and Vue. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-26516 HIGH This Week

Authorized users may install a maliciously modified package file when updating the device via the web user interface. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Da50N Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-24826 HIGH PATCH This Week

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Git Large File Storage
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2022-29536 HIGH PATCH This Week

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Epiphany Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-28327 HIGH PATCH This Week

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2022-27536 HIGH PATCH This Week

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24675 HIGH PATCH This Week

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora Kubernetes Monitoring Operator
NVD
CVSS 3.1
7.5
EPSS
10.0%
CVE-2022-29266 HIGH This Week

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apisix
NVD
CVSS 3.1
7.5
EPSS
7.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy