Skip to main content
CVE-2021-44596 CRITICAL POC THREAT Emergency

Wondershare LTD Dr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.7%.

RCE Dr Fone
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
22.7%
Threat
4.1
CVE-2021-44595 HIGH POC THREAT Act Now

Wondershare Dr. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.0%.

Authentication Bypass RCE Dr Fone
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
21.0%
CVE-2022-28994 CRITICAL POC Act Now

Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Small Http Server
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28480 CRITICAL POC Act Now

ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Allmediaserver
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-28452 CRITICAL POC THREAT Act Now

Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Laundry Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
17.3%
CVE-2022-1531 CRITICAL POC PATCH Act Now

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SQLi Rtx
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-29906 CRITICAL POC Act Now

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-29904 CRITICAL POC THREAT Act Now

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mediawiki
NVD
CVSS 3.1
9.8
EPSS
16.3%
CVE-2022-1543 HIGH POC PATCH This Week

Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Scoold
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-29937 HIGH POC This Week

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Oracle Oracle Optimization
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-29936 HIGH POC This Week

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java RCE Oracle Oracle Optimization
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-1227 HIGH POC PATCH This Week

A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure Podman Psgo +14
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-24900 HIGH POC PATCH This Week

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Piano Led Visualizer
NVD GitHub
CVSS 3.1
8.6
EPSS
8.0%
CVE-2022-29934 HIGH POC This Week

USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oracle Oracle Optimization
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1533 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Buffer Overflow Libmobi
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29935 HIGH POC This Week

USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Information Disclosure Oracle Optimization
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29856 HIGH POC This Week

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Automation 360
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-1534 HIGH POC PATCH This Week

Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Libmobi
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-1015 MEDIUM POC This Month

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Buffer Overflow Linux Kernel Fedora
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2022-1530 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-29907 MEDIUM POC This Month

The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-25854 MEDIUM POC PATCH This Month

This affects the package @yaireo/tagify before 4.9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tagify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-29451 HIGH This Week

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF File Upload WordPress Rara One Click Demo Import
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29905 MEDIUM POC This Month

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-29903 MEDIUM POC This Month

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-1403 HIGH This Week

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Asda Soft
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29967 HIGH PATCH This Week

static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Glewlwyd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-29945 HIGH This Week

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mavic 3 Firmware Rc Pro Firmware Air 2S Firmware Air 2 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-1402 HIGH This Week

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Asda Soft
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-1353 HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Enterprise Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-1114 HIGH This Week

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Information Disclosure Imagemagick
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2022-1048 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-28198 MEDIUM This Month

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia OpenSSL Omniverse Cache Omniverse Nucleus
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-29947 MEDIUM PATCH This Month

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Woodpecker
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1195 MEDIUM PATCH This Month

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29414 MEDIUM This Month

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Subscribe To Comments Reloaded
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-1536 MEDIUM This Month

A vulnerability has been found in automad up to 1.10.9 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Automad
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1526 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Emlog
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0984 MEDIUM PATCH This Month

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-0985 MEDIUM PATCH This Month

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1249 LOW PATCH Monitor

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Pesign
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy