Skip to main content
CVE-2022-29034 MEDIUM POC PATCH THREAT This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sinema Remote Connect Server
NVD
CVSS 3.1
6.1
EPSS
28.3%
CVE-2022-31273 CRITICAL Act Now

An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Topidp3000 Topsec Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-32262 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection File Upload Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-32260 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32251 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25651 CRITICAL Act Now

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +50
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-22087 CRITICAL Act Now

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +152
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-22086 CRITICAL Act Now

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009W Firmware Apq8017 Firmware Apq8053 Firmware +137
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-25167 CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Java Apache Flume
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2022-2079 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nocodb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30230 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Sicam Gridedge Essential
NVD
CVSS 4.0
9.3
EPSS
1.0%
CVE-2022-32559 CRITICAL Act Now

An issue was discovered in Couchbase Server before 7.0.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Couchbase Server
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-27889 CRITICAL Act Now

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Foundry Multipass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-29614 MEDIUM POC This Month

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Host Agent Netweaver Abap
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2022-29241 HIGH PATCH This Week

Jupyter Server provides the backend (i.e. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Jupyter Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-31595 HIGH This Week

SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Adaptive Server Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-30903 MEDIUM POC This Month

Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia XSS G 2425G A Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-31619 HIGH PATCH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass RCE Java Teamcenter
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-26476 HIGH This Week

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spectrum Power 4 Spectrum Power 7 Spectrum Power Microgrid Management System
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-30229 HIGH PATCH This Week

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Sicam Gridedge Essential
NVD
CVSS 4.0
8.6
EPSS
0.7%
CVE-2022-30228 HIGH PATCH This Week

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sicam Gridedge Essential
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2022-30930 MEDIUM POC This Month

Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tourism Management System
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31590 HIGH This Week

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner Proxy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32252 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31465 HIGH This Week

A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Xpedition Designer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22103 HIGH This Week

Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sa8540p Firmware Sa9000p Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22090 HIGH This Week

Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Use After Free Denial Of Service +23
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22085 HIGH This Week

Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware +153
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22084 HIGH This Week

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware +151
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22082 HIGH This Week

Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +150
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22072 HIGH PATCH This Week

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +55
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22071 HIGH KEV PATCH THREAT This Week

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Qualcomm Use After Free Apq8053 Firmware +89
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-22068 HIGH PATCH This Week

kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Qualcomm Use After Free Information Disclosure Apq8053 Firmware +115
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22057 HIGH PATCH This Week

Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Qualcomm Apq8053 Firmware Ar8035 Firmware +78
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29925 HIGH This Week

Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE V Sft
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-29524 HIGH This Week

Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow V Server
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29522 HIGH This Week

Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free V Server +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-29506 HIGH This Week

Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure V Server V Sft
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-27176 HIGH This Week

Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Revoworks Browser Revoworks Desktop Revoworks Scvx
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-26302 HIGH This Week

Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow V Sft
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-32557 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32285 HIGH This Week

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Saml
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-32261 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-32258 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32254 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32253 HIGH PATCH This Week

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-30937 HIGH PATCH This Week

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow En100 Ethernet Module Dnp3 Firmware En100 Ethernet Module Iec 104 Firmware En100 Ethernet Module Iec 61850 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-22083 HIGH This Week

Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Buffer Overflow Information Disclosure Apq8009 Firmware +150
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22065 HIGH PATCH This Week

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Qualcomm Buffer Overflow Information Disclosure Apq8009 Firmware Apq8009W Firmware +165
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22064 HIGH PATCH This Week

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Qualcomm Buffer Overflow Information Disclosure Apq8009 Firmware Apq8009W Firmware +160
NVD
CVSS 3.1
7.5
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy