Skip to main content
CVE-2022-1883 HIGH POC PATCH This Week

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Terraboard
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2022-1851 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-27169 HIGH POC This Week

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-26303 HIGH POC This Week

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26077 HIGH POC This Week

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-26067 HIGH POC This Week

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26043 HIGH POC This Week

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26026 HIGH POC This Week

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30428 HIGH POC This Week

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Ginadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30427 HIGH POC This Week

In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ginadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1815 HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2022-27305 HIGH PATCH This Week

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Gibbon
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-30323 HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-30322 HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-30321 HIGH PATCH This Week

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Path Traversal Go Getter
NVD GitHub
CVSS 3.1
8.6
EPSS
3.1%
CVE-2022-29248 HIGH PATCH This Week

Guzzle is a PHP HTTP client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Drupal Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-1678 HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager Cloud Volumes Ontap Mediator +14
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-29651 HIGH This Week

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Online Food Ordering System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-22127 HIGH This Week

Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tableau Server
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy