Skip to main content
CVE-2022-23063 HIGH POC This Week

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shopizer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-20759 HIGH POC THREAT This Week

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Adaptive Security Appliance Software
NVD GitHub
CVSS 3.1
8.8
EPSS
28.4%
CVE-2022-1554 HIGH POC PATCH This Week

Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Scout
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29001 HIGH POC This Week

In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Springbootmovie
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-28505 HIGH POC This Week

Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-28590 HIGH POC THREAT This Week

A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Pixelimity
NVD GitHub
CVSS 3.1
7.2
EPSS
24.0%
CVE-2022-23400 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Imagegear
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-1548 HIGH This Week

Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mattermost Playbooks
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-0916 HIGH This Week

An issue was discovered in Logitech Options. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass CSRF Options
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-21949 HIGH This Week

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Build Service
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-20743 HIGH This Week

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco File Upload Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2022-20715 HIGH This Week

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-20111 HIGH This Week

In ion, there is a possible use after free due to incorrect error handling. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2022-21743 HIGH This Week

In ion, there is a possible use after free due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-28792 HIGH This Week

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Gear Iconx Pc Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20109 HIGH This Week

In ion, there is a possible use after free due to improper update of reference count. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20099 HIGH This Week

In aee daemon, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20093 HIGH This Week

In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20088 HIGH This Week

In aee driver, there is a possible reference count mistake due to incorrect error handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20084 HIGH This Week

In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20729 HIGH This Week

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Firepower Threat Defense
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27313 HIGH PATCH This Week

An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Gitea
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-22368 HIGH PATCH This Week

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-1473 HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-20767 HIGH This Week

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-20760 HIGH This Week

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-20757 HIGH This Week

A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-20751 HIGH This Week

A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-20746 HIGH This Week

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Null Pointer Dereference Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-20745 HIGH This Week

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-20730 HIGH This Week

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20742 HIGH This Week

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-28783 HIGH This Week

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-20737 HIGH This Week

A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Heap Overflow Adaptive Security Appliance Software
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2022-20110 HIGH This Week

In ion, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy