Skip to main content
CVE-2022-1770 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Trudesk
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-31245 HIGH POC PATCH This Week

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Mailcow
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2022-28992 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Online Banquet Booking System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-25227 HIGH POC This Week

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Thinfinity Vnc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29181 HIGH POC PATCH This Week

Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nokogiri macOS
NVD GitHub
CVSS 3.1
8.2
EPSS
2.9%
CVE-2022-28990 HIGH POC PATCH This Week

WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29320 HIGH POC This Week

MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Partition Wizard
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27095 HIGH POC This Week

BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Battleye
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-26634 HIGH POC This Week

HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hidemyass
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24434 HIGH POC PATCH This Week

This affects all versions of package dicer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Dicer
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2022-21195 HIGH POC This Week

All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Url Regex
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-28991 HIGH POC This Week

Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Multi Store Inventory Management System
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1784 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-21500 HIGH POC PATCH THREAT This Week

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle E Business Suite User Management
NVD
CVSS 3.1
7.5
EPSS
70.6%
CVE-2022-29208 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-29427 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Disable Right Click For Wp
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-29184 HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Docker Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2022-29874 HIGH PATCH This Week

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-29872 HIGH PATCH This Week

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware +33
NVD
CVSS 4.0
8.7
EPSS
1.4%
CVE-2022-29170 HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Grafana
NVD GitHub
CVSS 3.1
8.5
EPSS
1.1%
CVE-2022-29179 HIGH PATCH This Week

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cilium
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-29178 HIGH PATCH This Week

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cilium
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-22973 HIGH This Week

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-29033 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-29032 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27653 HIGH This Week

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Simcenter Femap
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-24287 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Simatic Pcs 7 Simatic Wincc Simatic Wincc Runtime Professional
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29878 HIGH PATCH This Week

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29801 HIGH PATCH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Teamcenter
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24290 HIGH PATCH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions <. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Teamcenter
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-24044 HIGH This Week

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Desigo Dxr2 Firmware Desigo Pxc3 Firmware Desigo Pxc4 Firmware Desigo Pxc5 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-30551 HIGH PATCH This Week

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Ua Java
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-29447 HIGH This Week

Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Information Disclosure Hover Effects
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-29882 HIGH PATCH This Week

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-29876 HIGH PATCH This Week

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-28964 HIGH This Week

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Premium Security
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy