Skip to main content
CVE-2022-26082 CRITICAL POC THREAT Act Now

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Oas Platform
NVD
CVSS 3.1
9.8
EPSS
18.6%
CVE-2022-29379 CRITICAL POC PATCH Act Now

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Nginx Buffer Overflow Njs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30595 CRITICAL POC PATCH Act Now

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pillow
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26833 CRITICAL POC THREAT Act Now

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
9.4
EPSS
37.6%
CVE-2022-1883 HIGH POC PATCH This Week

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Terraboard
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2022-1851 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-27169 HIGH POC This Week

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-26303 HIGH POC This Week

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26077 HIGH POC This Week

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-26067 HIGH POC This Week

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26043 HIGH POC This Week

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26026 HIGH POC This Week

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30428 HIGH POC This Week

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Ginadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30427 HIGH POC This Week

In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ginadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1815 HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2022-29402 MEDIUM POC This Month

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Tl Wr840N Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-21951 MEDIUM POC PATCH This Month

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Rancher
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-31620 MEDIUM POC PATCH This Month

In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-29359 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS School Club Application System
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-29349 MEDIUM POC This Month

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-29650 CRITICAL Act Now

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Food Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-23775 CRITICAL Act Now

TrueStack Direct Connect 1.4.7 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Direct Connect
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28862 CRITICAL Act Now

In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Web Central
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-26945 CRITICAL PATCH Act Now

go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Go Getter
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-29361 CRITICAL PATCH Act Now

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Werkzeug
NVD GitHub
CVSS 3.1
9.8
EPSS
7.7%
CVE-2022-31651 MEDIUM POC This Month

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sound Exchange
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-31650 MEDIUM POC This Month

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sound Exchange
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-29358 MEDIUM POC This Month

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Epub2Txt2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-29362 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zkeacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27305 HIGH PATCH This Week

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Gibbon
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-29380 MEDIUM POC This Month

Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Academy Lms
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-30323 HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-30322 HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-30321 HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
3.1%
CVE-2022-29248 HIGH PATCH This Week

Guzzle is a PHP HTTP client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Drupal Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-1678 HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager Cloud Volumes Ontap Mediator +14
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-29651 HIGH This Week

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Online Food Ordering System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-22127 HIGH This Week

Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tableau Server
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-29256 MEDIUM PATCH This Month

sharp is an application for Node.js image processing. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Microsoft Command Injection Node.js Sharp
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-28875 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Cloud Protection For Salesforce Elements Collaboration Protection Internet Gatekeeper +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1348 MEDIUM PATCH This Month

A vulnerability was found in logrotate in how the state file is created. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Logrotate Fedora
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-29405 MEDIUM PATCH This Month

In Apache Archiva, any registered user can reset password for any users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Archiva
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-29252 MEDIUM PATCH This Month

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-29251 MEDIUM PATCH This Month

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-29408 MEDIUM This Month

Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Advanced Cf7 Db
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29710 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Limesurvey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31624 MEDIUM PATCH This Month

MariaDB Server before 10.7 is vulnerable to Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service MariaDB
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31623 MEDIUM PATCH This Month

MariaDB Server before 10.7 is vulnerable to Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service MariaDB
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31622 MEDIUM PATCH This Month

MariaDB Server before 10.7 is vulnerable to Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service MariaDB
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31621 MEDIUM PATCH This Month

MariaDB Server before 10.7 is vulnerable to Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service MariaDB
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy