Skip to main content
CVE-2022-27342 CRITICAL POC Act Now

Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Link Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27341 CRITICAL POC Act Now

JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinalcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-1440 CRITICAL POC PATCH Act Now

Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Interface
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-27404 CRITICAL POC Act Now

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Freetype Fedora
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-27340 HIGH POC This Week

MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-27406 HIGH POC This Week

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Freetype Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-1429 HIGH POC PATCH THREAT This Week

SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Pimcore
NVD GitHub
CVSS 3.1
7.5
EPSS
63.9%
CVE-2022-0354 HIGH POC This Week

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure System Update
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2022-1437 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-29582 HIGH POC PATCH This Week

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2022-1439 MEDIUM POC PATCH This Month

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2022-26674 CRITICAL Act Now

ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rt Ax88U Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-26672 CRITICAL Act Now

ASUS WebStorage has a hardcoded API Token in the APP source code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webstorage
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27405 HIGH This Week

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freetype Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-0192 HIGH This Week

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Pcmanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29583 HIGH PATCH This Week

service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Service
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1108 MEDIUM This Month

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkpad X1 Fold Gen 1 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-1107 MEDIUM This Month

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Thinkpad 11E Firmware Thinkpad Helix Firmware Thinkpad L560 Firmware Thinkpad L570 Firmware +26
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-29589 MEDIUM PATCH This Month

Crypt Server before 3.3.0 allows XSS in the index view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Crypt Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0636 MEDIUM This Month

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Lenovo Thin Installer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26673 MEDIUM This Month

ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rt Ax88U Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-28074 MEDIUM This Month

Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy