Skip to main content
CVE-2022-34008 HIGH POC This Week

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Antivirus
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-33056 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33055 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33049 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33048 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32973 HIGH This Week

An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nessus
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-23171 HIGH This Week

AtlasVPN - Privilege Escalation Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Atlasvpn
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-1833 HIGH This Week

A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Amq Broker
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1665 HIGH This Week

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat IBM Linux Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-27872 HIGH This Week

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27871 HIGH This Week

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE 3ds Max Advance Steel Autocad +11
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27870 HIGH This Week

A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27869 HIGH This Week

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Autocad
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27868 HIGH This Week

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Autocad
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-27867 HIGH This Week

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Autocad
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-33995 HIGH This Week

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Remote Desktop Manager
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-22979 HIGH PATCH This Week

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Spring Cloud Function
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy