Skip to main content
CVE-2022-27336 CRITICAL POC THREAT Act Now

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Seacms
NVD
CVSS 3.1
9.8
EPSS
20.0%
CVE-2022-24735 HIGH POC PATCH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Redis Fedora Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-28085 HIGH POC PATCH This Week

A flaw was found in htmldoc commit 31f7804. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption RCE Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-22521 HIGH POC PATCH This Week

In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Benchmark Programming Tool
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2022-24891 MEDIUM POC PATCH This Month

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Enterprise Security Api Weblogic Server Active Iq Unified Manager Oncommand Workflow Automation
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-24887 MEDIUM POC PATCH This Month

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Nextcloud Talk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-1504 MEDIUM POC PATCH This Month

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-29859 CRITICAL PATCH Act Now

component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Amb1 Sdk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-24736 MEDIUM POC PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Null Pointer Dereference Fedora Management Services For Element Software +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-1507 MEDIUM POC PATCH This Month

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Chafa Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-1503 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Getsimple Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-27332 CRITICAL PATCH Act Now

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Denial Of Service Authentication Bypass Zammad
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-28464 CRITICAL Act Now

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Apifox
NVD
CVSS 3.1
9.0
EPSS
1.2%
CVE-2022-22315 HIGH PATCH This Week

IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-24372 MEDIUM POC This Month

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Information Disclosure Mr9600 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-24889 MEDIUM POC This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-29505 HIGH This Week

Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft OpenSSL Line
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-27239 HIGH PATCH This Week

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Cifs Utils Debian Linux Caas Platform +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-22278 HIGH This Week

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tz300P Firmware Tz300W Firmware Tz350 Firmware Tz350W Firmware +45
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22275 HIGH This Week

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29701 HIGH PATCH This Week

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Zammad
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29700 HIGH PATCH This Week

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Brute Force Zammad
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-27905 HIGH PATCH This Week

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Controlup
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-23822 MEDIUM This Month

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Zynq 7000S Firmware Zynq 7000 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-22323 MEDIUM This Month

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption IBM Microsoft Buffer Overflow Denial Of Service +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-22312 MEDIUM This Month

IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption IBM Microsoft Buffer Overflow Denial Of Service +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-24885 LOW POC PATCH Monitor

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
2.4
EPSS
0.5%
CVE-2022-28195 MEDIUM This Month

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Jetson Linux
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2022-28194 MEDIUM This Month

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow,. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Buffer Overflow Jetson Linux
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2022-28193 MEDIUM This Month

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Buffer Overflow Jetson Linux
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2022-29810 MEDIUM PATCH This Month

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Hashicorp Information Disclosure Go Getter
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-22277 MEDIUM This Month

A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tz300P Firmware Tz300W Firmware Tz350 Firmware Tz350W Firmware +45
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-22276 MEDIUM This Month

A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tz300P Firmware Tz300W Firmware Tz350 Firmware Tz350W Firmware +45
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-28197 MEDIUM This Month

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an. Rated medium severity (CVSS 5.0). No vendor patch available.

RCE Integer Overflow Nvidia Denial Of Service Jetson Linux
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2022-22345 MEDIUM PATCH This Month

IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.8
EPSS
1.8%
CVE-2022-28196 MEDIUM This Month

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Buffer Overflow Jetson Linux
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-24888 MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2022-27331 MEDIUM PATCH This Month

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Zammad
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-24886 LOW Monitor

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
3.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy