Skip to main content
CVE-2022-26147 CRITICAL POC Act Now

The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rg502Q Ea Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-29775 CRITICAL POC THREAT Act Now

iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ispy
NVD GitHub
CVSS 3.1
9.8
EPSS
60.7%
CVE-2022-29774 CRITICAL POC Act Now

iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ispy
NVD GitHub
CVSS 3.1
9.8
EPSS
5.5%
CVE-2022-31374 CRITICAL POC Act Now

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sv Cpt Mc310 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-31800 CRITICAL POC Act Now

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Axc 1050 Firmware Axc 1050 Xc Firmware Axc 3050 Firmware Fc 350 Pci Eth Firmware +13
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-34008 HIGH POC This Week

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-33056 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33055 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33049 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33048 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-31786 MEDIUM POC This Month

IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Idealms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-33119 MEDIUM POC This Month

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Nvrsolo Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-31373 MEDIUM POC This Month

SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sv Cpt Mc310 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
5.1%
CVE-2022-33139 CRITICAL Act Now

A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cerberus Dms Desigo Cc Desigo Cc Compact Wincc Open Architecture
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-31801 CRITICAL Act Now

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Multiprog Proconos Proconos Eclr
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-32414 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-31307 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-31306 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-25585 MEDIUM POC This Month

Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Unioncms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30874 MEDIUM POC PATCH This Month

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nukeviet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-31303 MEDIUM POC This Month

maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31302 MEDIUM POC This Month

maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-23342 MEDIUM POC This Month

The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Onbase
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-32973 HIGH This Week

An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nessus
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-23171 HIGH This Week

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Atlasvpn
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-1833 HIGH This Week

A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Amq Broker
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1665 HIGH This Week

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat IBM Linux Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-27872 HIGH This Week

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27871 HIGH This Week

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE 3ds Max Advance Steel Autocad +11
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27870 HIGH This Week

A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27869 HIGH This Week

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Autocad
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27868 HIGH This Week

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Autocad
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-27867 HIGH This Week

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Autocad
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-33995 HIGH This Week

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Remote Desktop Manager
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-22979 HIGH PATCH This Week

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Spring Cloud Function
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-23074 LOW POC PATCH Monitor

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Recipes
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2022-23073 LOW POC PATCH Monitor

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in copy to clipboard functionality. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Recipes
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2022-23072 LOW POC PATCH Monitor

In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in “Add to Cart” functionality. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Recipes
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%
CVE-2022-31095 MEDIUM This Month

discourse-chat is a chat plugin for the Discourse application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Discourse Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-32974 MEDIUM This Month

An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nessus
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1596 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Rex640 Pcl1 Firmware Rex640 Pcl2 Firmware Rex640 Pcl3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-31478 MEDIUM This Month

The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Usertakeover
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy