Skip to main content
CVE-2022-1509 HIGH POC PATCH This Week

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Control Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-28060 HIGH POC This Week

SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Victor Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-29555 HIGH This Week

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mender
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-29410 HIGH This Week

Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Hermit
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-28892 HIGH PATCH This Week

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mahara
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-29821 HIGH This Week

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Pycharm
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2022-29819 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2022-29814 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Intellij Idea
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2022-29585 HIGH This Week

In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mahara
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24892 HIGH PATCH This Week

Shopware is an open source e-commerce software platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-24879 HIGH PATCH This Week

Shopware is an open source e-commerce software platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22783 HIGH This Week

A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoom On Premise Meeting Connector Controller Zoom On Premise Meeting Connector Mmr
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-22781 HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-24935 HIGH This Week

Lexmark products through 2022-02-10 have Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lexmark Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22782 HIGH This Week

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meetings Rooms For Conference Rooms Vdi Windows Meeting Clients +1
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-29818 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy