Skip to main content
CVE-2022-31500 HIGH This Week

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Knime Analytics Platform
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30540 HIGH This Week

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29488 HIGH This Week

The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29483 HIGH PATCH This Week

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Abb E Design
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28690 HIGH This Week

The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-27184 HIGH This Week

The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-1943 HIGH PATCH This Week

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1786 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1652 HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux Use After Free Denial Of Service +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1419 HIGH This Week

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1215 HIGH This Week

A format string vulnerability was found in libinput. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libinput
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24581 HIGH This Week

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24241 HIGH This Week

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aceweb Online Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30237 HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-22556 HIGH This Week

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Powerstoreos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31023 HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Play Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31018 HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Play Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-26975 HIGH This Week

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Control Room Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1949 HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server Directory Server Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1661 HIGH This Week

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal N6854A Firmware N6841A Rf Firmware
NVD
CVSS 3.1
7.5
EPSS
15.1%
CVE-2022-32005 HIGH This Week

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Badminton Center Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-30794 HIGH This Week

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy