Skip to main content
CVE-2022-30781 HIGH POC PATCH THREAT Act Now

Gitea before 1.16.7 does not escape git fetch remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Gitea Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
87.7%
CVE-2022-1182 HIGH POC This Week

The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Visual Slide Box Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-1103 HIGH POC THREAT This Week

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Advanced Uploader
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
15.9%
CVE-2022-29623 HIGH POC This Week

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Connect Multiparty
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-1721 HIGH POC PATCH This Week

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-1713 HIGH POC PATCH This Week

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
9.2%
CVE-2022-30012 HIGH POC This Week

In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-30763 HIGH POC This Week

Janet before 1.22.0 mishandles arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Janet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-1409 HIGH POC This Week

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-0573 HIGH PATCH This Week

JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Deserialization Privilege Escalation RCE Artifactory
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-30697 HIGH This Week

Local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Snap Deploy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30696 HIGH This Week

Local privilege escalation due to a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Snap Deploy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30695 HIGH This Week

Local privilege escalation due to excessive permissions assigned to child processes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Snap Deploy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-1679 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-30523 HIGH This Week

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Password Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30782 HIGH PATCH This Week

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openmoney Api
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29588 HIGH This Week

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Information Disclosure Bizhub 226I Firmware Bizhub 227 Firmware Bizhub 246I Firmware +42
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-29586 HIGH This Week

Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bizhub 226I Firmware Bizhub 227 Firmware Bizhub 246I Firmware Bizhub 287 Firmware +41
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2022-23667 HIGH This Week

A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy