Skip to main content
CVE-2021-44595 HIGH POC THREAT Act Now

Wondershare Dr. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.0%.

Authentication Bypass RCE Dr Fone
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
21.0%
CVE-2022-1543 HIGH POC PATCH This Week

Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Scoold
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-29937 HIGH POC This Week

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Oracle Oracle Optimization
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-29936 HIGH POC This Week

USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Java RCE Oracle Oracle Optimization
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-1227 HIGH POC PATCH This Week

A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure Podman Psgo +14
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-24900 HIGH POC PATCH This Week

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Piano Led Visualizer
NVD GitHub
CVSS 3.1
8.6
EPSS
8.0%
CVE-2022-29934 HIGH POC This Week

USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oracle Oracle Optimization
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1533 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Buffer Overflow Libmobi
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29935 HIGH POC This Week

USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Information Disclosure Oracle Optimization
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29856 HIGH POC This Week

A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Automation 360
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-1534 HIGH POC PATCH This Week

Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Libmobi
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-29451 HIGH This Week

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF File Upload WordPress Rara One Click Demo Import
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-1403 HIGH This Week

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Asda Soft
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29967 HIGH PATCH This Week

static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Glewlwyd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-29945 HIGH This Week

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mavic 3 Firmware Rc Pro Firmware Air 2S Firmware Air 2 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-1402 HIGH This Week

ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Asda Soft
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-1353 HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Enterprise Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-1114 HIGH This Week

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Information Disclosure Imagemagick
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2022-1048 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +10
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy