Skip to main content
CVE-2022-30075 HIGH POC THREAT Act Now

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

TP-Link RCE Archer Ax50 Firmware
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
37.2%
Threat
4.4
CVE-2022-25806 HIGH POC This Week

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Universal Management Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-31496 HIGH POC This Week

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Librehealth Ehr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-1993 HIGH POC PATCH THREAT This Week

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gogs
NVD GitHub
CVSS 3.1
8.1
EPSS
51.1%
CVE-2022-2037 HIGH POC PATCH This Week

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-2027 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Titra
NVD GitHub
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-2000 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-29225 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-2019 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31019 HIGH POC PATCH This Week

Vapor is a server-side Swift HTTP web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vapor
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-29255 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29014 HIGH POC THREAT This Week

A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sila Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
10.6%
CVE-2022-25152 HIGH This Week

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE On Premise Saas Service Desk
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-30703 HIGH This Week

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25153 HIGH This Week

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation OpenSSL Endpoint Manager Communication Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31214 HIGH PATCH This Week

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Firejail Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1998 HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31051 HIGH PATCH This Week

semantic-release is an open source npm package for automated version management and package publishing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Semantic Release
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31033 HIGH PATCH This Week

The Mechanize library is used for automating interaction with websites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mechanize Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-29228 HIGH PATCH This Week

Envoy is a cloud-native high-performance proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29227 HIGH PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30556 HIGH This Week

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server Clustered Data Ontap Fedora
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-30522 HIGH This Week

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Http Server Clustered Data Ontap Fedora
NVD
CVSS 3.1
7.5
EPSS
90.4%
CVE-2022-29404 HIGH This Week

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Http Server Fedora Clustered Data Ontap
NVD
CVSS 3.1
7.5
EPSS
5.7%
CVE-2022-26377 HIGH This Week

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Request Smuggling Http Server Fedora +1
NVD
CVSS 3.1
7.5
EPSS
19.0%
CVE-2022-25151 HIGH This Week

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS On Premise Saas Service Desk
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23138 HIGH This Week

ZTE's MF297D product has cryptographic issues vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf297D Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-31026 HIGH PATCH This Week

Trilogy is a client library for MySQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Trilogy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31649 HIGH This Week

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Owncloud
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-2018 HIGH This Week

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-2017 HIGH This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy