Skip to main content
CVE-2022-25324 HIGH POC This Week

All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Bignum
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-28973 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28972 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28971 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28970 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28969 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30293 HIGH POC PATCH This Week

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Buffer Overflow Apple Webkitgtk Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-24899 MEDIUM POC PATCH This Month

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Canonical XSS Contao
NVD GitHub
CVSS 3.1
6.1
EPSS
4.4%
CVE-2022-24817 CRITICAL PATCH Act Now

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Privilege Escalation Kubernetes RCE Code Injection Flux2 +2
NVD GitHub
CVSS 3.1
9.9
EPSS
1.0%
CVE-2022-29423 CRITICAL Act Now

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Countdown Builder
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28163 CRITICAL Act Now

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sannav
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-28005 CRITICAL Act Now

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Path Traversal 3Cx
NVD
CVSS 3.1
9.8
EPSS
6.1%
CVE-2022-29161 CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-24823 MEDIUM POC PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Java Microsoft Information Disclosure Netty Financial Services Crime And Compliance Management Studio +3
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-1053 CRITICAL PATCH Act Now

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Keylime Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2022-28507 MEDIUM POC This Month

Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bdt 121 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-28165 HIGH This Week

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-26889 HIGH This Week

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS Path Traversal
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-21934 HIGH This Week

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-24877 HIGH PATCH This Week

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Information Disclosure Path Traversal Flux2 +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-24903 HIGH PATCH This Week

Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Rsyslog Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
3.8%
CVE-2022-28279 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.8%
CVE-2022-28278 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-28277 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.6%
CVE-2022-28276 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-28275 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-28274 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.6%
CVE-2022-28273 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-28272 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-28271 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Photoshop
NVD
CVSS 3.0
7.8
EPSS
3.2%
CVE-2022-28270 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-27784 HIGH This Week

Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Stack Overflow Buffer Overflow After Effects
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2022-27783 HIGH This Week

Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Stack Overflow Buffer Overflow After Effects
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2022-24105 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-24098 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2022-23205 HIGH This Week

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Photoshop
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-23802 HIGH This Week

Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Guru
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24884 HIGH PATCH This Week

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Ecdsautils Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29171 HIGH This Week

Sourcegraph is a fast and featureful code search and navigation engine. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes RCE Grafana Sourcegraph
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-29164 HIGH PATCH This Week

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes Argo Workflows
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2022-28164 MEDIUM This Month

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-30295 MEDIUM This Month

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Uclibc Uclibc Ng
NVD
CVSS 3.1
6.5
EPSS
11.3%
CVE-2022-24878 MEDIUM PATCH This Month

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Path Traversal Flux2 Kustomize Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29421 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Countdown Builder
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27183 MEDIUM This Month

The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28545 MEDIUM PATCH This Month

FUDforum 3.1.1 is vulnerable to Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fudforum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29422 MEDIUM This Month

Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Countdown Builder
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-29420 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.3.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Countdown Builder
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-27909 MEDIUM This Month

In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jdownloads
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-26070 MEDIUM This Month

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy