Skip to main content
CVE-2022-34300 HIGH POC This Week

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tinyexr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-31395 HIGH POC This Week

Algo Communication Products Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal 8373 Ip Zone Paging Adapter Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-31362 HIGH POC THREAT This Week

Docebo Community Edition v4.0.5 and below was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Docebo
NVD
CVSS 3.1
8.8
EPSS
17.8%
CVE-2022-34299 HIGH POC PATCH This Week

There is a heap-based buffer over-read in libdwarf 0.4.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libdwarf
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-2183 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-2182 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-33034 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33033 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33032 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33028 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33027 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33026 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-33025 HIGH POC This Week

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-2175 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-34296 HIGH POC PATCH This Week

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Skipper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-33105 HIGH POC PATCH This Week

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2022-33097 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33096 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33095 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-33094 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33093 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33092 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33024 HIGH POC This Week

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-33114 HIGH POC This Week

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34203 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Easyqa
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-34200 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Convertigo Mobile Platform
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-32553 HIGH This Week

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Purity Fa Purity Fb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32552 HIGH This Week

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Python Purity Fa Purity Fb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32536 HIGH This Week

The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Pra Es8P2S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-22967 HIGH PATCH This Week

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Salt
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-2147 HIGH This Week

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Microsoft Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26864 HIGH This Week

Prior Dell BIOS versions contain an Input Validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Alienware M15 R5 Firmware G15 5515 Firmware G5 Se 5505 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26863 HIGH This Week

Prior Dell BIOS versions contain an Input Validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Alienware M15 R5 Firmware G15 5515 Firmware G5 Se 5505 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26862 HIGH This Week

Prior Dell BIOS versions contain an Input Validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Alienware M15 R5 Firmware G15 5515 Firmware G5 Se 5505 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34180 HIGH PATCH This Week

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Embeddable Build Status
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-34179 HIGH PATCH This Week

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Embeddable Build Status
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-34177 HIGH PATCH This Week

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Pipeline
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-34175 HIGH PATCH This Week

Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-34174 HIGH PATCH This Week

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy