Skip to main content
CVE-2022-31787 CRITICAL POC Act Now

IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ideatms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-31361 CRITICAL POC Act Now

Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Docebo
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-34300 HIGH POC This Week

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tinyexr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-31395 HIGH POC This Week

Algo Communication Products Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal 8373 Ip Zone Paging Adapter Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-31362 HIGH POC THREAT This Week

Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Docebo
NVD
CVSS 3.1
8.8
EPSS
17.8%
CVE-2022-34299 HIGH POC PATCH This Week

There is a heap-based buffer over-read in libdwarf 0.4.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libdwarf
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-2183 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-2182 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-33034 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33033 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33032 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33028 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33027 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33026 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33025 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-2175 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-34296 HIGH POC PATCH This Week

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Skipper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-33105 HIGH POC PATCH This Week

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2022-33097 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33096 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33095 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-33094 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33093 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33092 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33024 HIGH POC This Week

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-33114 HIGH POC This Week

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34295 MEDIUM POC PATCH This Month

totd before 1.5.3 does not properly randomize mesg IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Totd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-34012 MEDIUM POC This Month

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oneblog
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34328 MEDIUM POC This Month

PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-32131 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32130 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32129 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32128 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32127 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32126 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32125 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32124 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-34305 MEDIUM POC PATCH This Month

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache XSS
NVD
CVSS 3.1
6.1
EPSS
6.2%
CVE-2022-33127 CRITICAL PATCH Act Now

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Diffy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-32554 CRITICAL Act Now

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Purity Fa Purity Fb
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32535 CRITICAL Act Now

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Pra Es8P2S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32534 CRITICAL Act Now

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Pra Es8P2S Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-22980 CRITICAL PATCH Act Now

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection Spring Data Mongodb
NVD
CVSS 3.1
9.8
EPSS
16.9%
CVE-2022-33124 MEDIUM POC This Month

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aiohttp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-33070 MEDIUM POC This Month

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Protobuf C Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-33069 MEDIUM POC This Month

Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Solidity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-33068 MEDIUM POC PATCH This Month

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Harfbuzz Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-33067 MEDIUM POC This Month

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-33113 MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29526 MEDIUM POC PATCH This Month

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Go Fedora Beegfs Csi Driver
NVD GitHub
CVSS 3.1
5.3
EPSS
2.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy