Skip to main content
CVE-2022-30075 HIGH POC THREAT Act Now

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

TP-Link RCE Archer Ax50 Firmware
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
37.2%
Threat
4.4
CVE-2022-31813 CRITICAL POC Act Now

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Http Server Clustered Data Ontap Fedora
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-1986 CRITICAL POC PATCH Act Now

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Gogs
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2022-32272 CRITICAL POC Act Now

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Metadefender
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-24840 CRITICAL POC PATCH Act Now

django-s3file is a lightweight file upload input for Django and Amazon S3 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Python Path Traversal Django S3File
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-29013 CRITICAL POC THREAT Act Now

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sila Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.1%
CVE-2022-1992 CRITICAL POC PATCH Act Now

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gogs
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2022-31830 CRITICAL POC THREAT Act Now

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Kity Minder
NVD GitHub
CVSS 3.1
9.1
EPSS
15.0%
CVE-2022-31827 CRITICAL POC THREAT Act Now

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Monstaftp
NVD GitHub
CVSS 3.1
9.1
EPSS
19.6%
CVE-2022-31393 CRITICAL POC Act Now

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Jizhicms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-31390 CRITICAL POC Act Now

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SSRF Jizhicms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-31386 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nbnbk
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-25806 HIGH POC This Week

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Universal Management Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-31496 HIGH POC This Week

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Librehealth Ehr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-1993 HIGH POC PATCH THREAT This Week

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gogs
NVD GitHub
CVSS 3.1
8.1
EPSS
51.1%
CVE-2022-2037 HIGH POC PATCH This Week

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-2027 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Titra
NVD GitHub
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-2000 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-29225 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-2019 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31019 HIGH POC PATCH This Week

Vapor is a server-side Swift HTTP web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vapor
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-29255 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29014 HIGH POC THREAT This Week

A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sila Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
10.6%
CVE-2022-26364 MEDIUM POC PATCH This Month

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2022-30898 MEDIUM POC This Month

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-25805 MEDIUM POC This Month

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Universal Management Suite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2035 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rustici Software Scorm Engine
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-32195 MEDIUM POC PATCH This Month

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Open Edx
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-31045 CRITICAL PATCH Act Now

Istio is an open platform to connect, manage, and secure microservices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Istio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31031 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-25807 MEDIUM POC This Month

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Universal Management Suite
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25804 MEDIUM POC This Month

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Universal Management Suite
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2036 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-2029 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Titra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2028 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Titra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2026 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Titra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2015 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2014 MEDIUM POC PATCH This Month

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Drawio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2016 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-29226 CRITICAL PATCH Act Now

Envoy is a cloud-native high-performance proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-28615 CRITICAL Act Now

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Apache Http Server Fedora +1
NVD
CVSS 3.1
9.1
EPSS
5.7%
CVE-2022-25152 HIGH This Week

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE On Premise Saas Service Desk
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-30760 MEDIUM POC This Month

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fn2Web
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-30703 HIGH This Week

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25153 HIGH This Week

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Endpoint Manager Communication Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31214 HIGH PATCH This Week

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Firejail Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1998 HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31051 HIGH PATCH This Week

semantic-release is an open source npm package for automated version management and package publishing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Semantic Release
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31033 HIGH PATCH This Week

The Mechanize library is used for automating interaction with websites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mechanize Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-29228 HIGH PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy