Skip to main content
CVE-2022-29628 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Market Place Site
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27779 MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +7
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2022-30238 HIGH This Week

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-30232 HIGH PATCH This Week

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Powerlogic Ion Setup Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30482 MEDIUM POC This Month

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Project With Php And Mysqli Fruits Bazar
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-28799 HIGH This Week

The TikTok application before 23.7.3 for Android allows account takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Tiktok
NVD GitHub
CVSS 3.1
8.8
EPSS
15.5%
CVE-2022-22767 HIGH This Week

Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pyxis Anesthesia Station Es Firmware Pyxis Ciisafe Firmware Pyxis Logistics Firmware Pyxis Medbank Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-1716 MEDIUM POC This Month

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Keep My Notes
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-1797 HIGH This Week

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rockwell Compactlogix 5380 Firmware Compact Guardlogix 5380 Firmware Compactlogix 5480 Firmware +6
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2022-30115 MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-29627 MEDIUM POC This Month

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Market Place Site
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-30236 HIGH This Week

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2022-26867 HIGH This Week

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Powerstoreos
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2022-26868 HIGH This Week

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Powerstoreos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-22557 HIGH This Week

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Powerstoreos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31782 HIGH This Week

ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Freetype Demo Programs
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-31500 HIGH This Week

In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Knime Analytics Platform
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30540 HIGH This Week

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29488 HIGH This Week

The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29483 HIGH PATCH This Week

Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Abb E Design
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28690 HIGH This Week

The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-27184 HIGH This Week

The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-1943 HIGH PATCH This Week

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1786 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1652 HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux Use After Free Denial Of Service +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1419 HIGH This Week

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1215 HIGH This Week

A format string vulnerability was found in libinput. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Libinput
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24581 HIGH This Week

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24241 HIGH This Week

ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aceweb Online Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30237 HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-22556 HIGH This Week

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Powerstoreos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31023 HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Play Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31018 HIGH PATCH This Week

Play Framework is a web framework for Java and Scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Play Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-26975 HIGH This Week

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Control Room Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1949 HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server Directory Server Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1661 HIGH This Week

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal N6854A Firmware N6841A Rf Firmware
NVD
CVSS 3.1
7.5
EPSS
15.1%
CVE-2022-32005 HIGH This Week

Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Badminton Center Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-30794 HIGH This Week

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-1789 MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-29085 MEDIUM This Month

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-30233 MEDIUM This Month

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31024 MEDIUM PATCH This Month

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Nextcloud Richdocuments
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26944 MEDIUM This Month

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xtrabackup
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1982 MEDIUM PATCH This Month

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31796 MEDIUM PATCH This Month

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29788 MEDIUM PATCH This Month

libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libmobi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24238 MEDIUM This Month

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aceweb Online Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29718 MEDIUM PATCH This Month

Caddy v2.4 was discovered to contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Caddy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-29711 MEDIUM PATCH This Month

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29653 MEDIUM This Month

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ofcms
NVD
CVSS 3.1
6.1
EPSS
0.5%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy