Skip to main content
CVE-2022-30333 HIGH POC KEV PATCH THREAT Act Now

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Unrar Debian Linux
NVD
CVSS 3.1
7.5
EPSS
99.0%
CVE-2022-29933 HIGH POC PATCH This Week

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Craft Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-23332 HIGH POC This Week

Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Command Injection Acom508 Firmware Acom532 Firmware +1
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2022-1631 HIGH POC PATCH This Week

Users Account Pre-Takeover or Users Account Takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microweber
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
9.0%
CVE-2022-30524 HIGH POC This Week

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-30286 HIGH POC PATCH THREAT This Week

pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pyscript
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
13.3%
CVE-2022-27224 HIGH POC This Week

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nts 6002 Gps Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-30240 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Magnitude Simba Amazon Redshift Jdbc Driver
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-30239 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Magnitude Simba Amazon Athena Jdbc Driver
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-29972 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Magnitude Simba Amazon Redshift Odbc Driver
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2022-29971 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Magnitude Simba Amazon Athena Odbc Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23705 HIGH This Week

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nimbleos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-23704 HIGH This Week

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 4
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-28739 HIGH This Week

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ruby Debian Linux macOS
NVD
CVSS 3.1
7.5
EPSS
4.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy