Skip to main content
CVE-2022-30054 CRITICAL POC Act Now

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Covid 19 Travel Pass Management
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-30053 CRITICAL POC Act Now

In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Toll Tax Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-30052 CRITICAL POC Act Now

In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Home Clean Service System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-24108 CRITICAL POC THREAT Act Now

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP So Listing Tabs
NVD
CVSS 3.1
9.8
EPSS
33.0%
CVE-2022-1735 HIGH POC PATCH This Week

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-29581 HIGH POC PATCH This Week

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Debian Linux Ubuntu Linux +8
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1733 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-1116 HIGH POC PATCH This Week

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow Linux Kernel H300s Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24856 HIGH POC PATCH THREAT This Week

FlyteConsole is the web user interface for the Flyte platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Flyte Console
NVD GitHub
CVSS 3.1
7.5
EPSS
10.3%
CVE-2022-1711 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2022-1723 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-30007 HIGH POC This Week

GXCMS V1.5 has a file upload vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gxcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30045 MEDIUM POC This Month

An issue was discovered in libezxml.a in ezXML 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29332 MEDIUM POC This Month

D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dir 825 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-28181 CRITICAL PATCH Act Now

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption RCE Microsoft Linux Buffer Overflow +5
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2022-28616 CRITICAL PATCH Act Now

A remote server-side request forgery (ssrf) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Oneview
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-1360 CRITICAL Act Now

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cnmaestro
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-1357 CRITICAL Act Now

The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cnmaestro
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-28617 CRITICAL PATCH Act Now

A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-30067 MEDIUM POC This Month

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gimp
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-30072 MEDIUM POC This Month

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-30073 MEDIUM POC This Month

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2022-24394 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24393 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24392 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24391 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Deception Network
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-24390 HIGH This Week

Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-24389 HIGH This Week

Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-24388 HIGH This Week

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-29429 HIGH This Week

Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF WordPress Code Snippets Extended
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23669 HIGH This Week

A remote authorization bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-30972 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file (e.g., archived artifacts) that uses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF CSRF Jenkins Storage Configs
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-30971 HIGH This Week

Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Storable Configs
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30969 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Jenkins Autocomplete Parameter
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-30958 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins SSH
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-30951 HIGH PATCH This Week

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Jenkins Wmi Windows Agents
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-30950 HIGH PATCH This Week

Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Jenkins Buffer Overflow Wmi Windows Agents
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-28182 HIGH PATCH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Memory Corruption RCE Microsoft Buffer Overflow Nvidia +4
NVD
CVSS 3.1
8.5
EPSS
1.5%
CVE-2022-30945 HIGH PATCH This Week

Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Jenkins Information Disclosure Pipeline
NVD
CVSS 3.1
8.5
EPSS
1.3%
CVE-2022-24890 MEDIUM POC PATCH This Month

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Talk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-1753 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in WoWonder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Wowonder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-29174 HIGH PATCH This Week

countly-server is the server-side part of Countly, a product analytics solution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Countly Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-29162 HIGH PATCH This Week

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Runc Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1356 HIGH This Week

cnMaestro is vulnerable to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Cnmaestro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28184 HIGH PATCH This Week

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Linux Nvidia Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1118 HIGH This Week

Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Connected Component Workbench Isagraf Workbench Safety Instrumented Systems Workstation
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2022-0997 HIGH This Week

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-0486 HIGH This Week

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30688 HIGH PATCH This Week

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Needrestart Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1769 HIGH PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy