Skip to main content
CVE-2022-1518 CRITICAL Act Now

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Local Run Manager
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-1517 CRITICAL Act Now

LRM utilizes elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Local Run Manager
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-31806 CRITICAL Act Now

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31802 CRITICAL Act Now

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gateway
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32990 MEDIUM POC This Month

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gimp
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-33910 MEDIUM POC PATCH This Month

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mantisbt
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-30117 CRITICAL PATCH Act Now

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Concrete Cms
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2022-2105 CRITICAL Act Now

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2103 CRITICAL Act Now

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-1521 CRITICAL Act Now

LRM does not implement authentication or authorization by default. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Local Run Manager
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-29330 MEDIUM POC This Month

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vitalpbx
NVD VulDB
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-33122 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-32143 HIGH This Week

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32138 HIGH This Week

In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32137 HIGH This Week

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-32142 HIGH This Week

Multiple CODESYS Products are prone to a out-of bounds read or write access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-1965 HIGH This Week

Multiple products of CODESYS implement a improper error handling. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-21046 HIGH This Week

A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Eagleget
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28619 HIGH This Week

A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Control Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32530 HIGH This Week

A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Geo Scada Mobile
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1746 HIGH This Week

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagecast X
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2022-22390 HIGH This Week

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Microsoft Information Disclosure Db2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2102 HIGH This Week

Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1667 HIGH This Week

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31805 HIGH This Week

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System Edge Gateway Gateway Hmi Sl +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31804 HIGH This Week

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gateway
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-1745 MEDIUM This Month

The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1744 MEDIUM This Month

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1743 MEDIUM This Month

The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-1742 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1741 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1739 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-22389 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft SQLi Db2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-2121 MEDIUM This Month

OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Dcmtk
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1666 MEDIUM This Month

The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-32141 MEDIUM This Month

Multiple CODESYS Products are prone to a buffer over read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-32140 MEDIUM This Month

Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-32139 MEDIUM This Month

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-32136 MEDIUM This Month

In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-30120 MEDIUM PATCH This Month

XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30119 MEDIUM This Month

XSS in /dashboard/reports/logs/view - old browsers only. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30118 MEDIUM This Month

Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30028 MEDIUM This Month

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Dradis
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-1524 MEDIUM This Month

LRM version 2.4 and lower does not implement TLS encryption. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Local Run Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-29096 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27238 MEDIUM This Month

BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bigbluebutton
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22502 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29578 MEDIUM This Month

Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Meridian
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-31803 MEDIUM This Month

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gateway
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-29097 MEDIUM This Month

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
1.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy