Skip to main content
CVE-2022-31101 HIGH POC PATCH THREAT This Week

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Blockwishlist
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
24.1%
CVE-2022-33007 HIGH POC This Week

TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tew 752Dru Firmware Tew 751Dr Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2214 HIGH POC This Week

A vulnerability was found in SourceCodester Library Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2212 HIGH POC This Week

A vulnerability was found in SourceCodester Library Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Library Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-31092 HIGH POC PATCH This Week

Pimcore is an Open Source Data & Experience Management Platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SQLi Apple Pimcore
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-31084 HIGH POC PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.3%
CVE-2022-1903 HIGH POC This Week

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Armember
NVD WPScan
CVSS 3.1
8.1
EPSS
8.5%
CVE-2022-1572 HIGH POC This Week

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Html2Wp
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-2210 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-2207 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-0722 HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Parse Url
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1977 HIGH POC This Week

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Import All Pages Post Types Products Orders And Users As Xml Csv
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-31086 HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-31034 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-33202 HIGH This Week

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass L2Blocker
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-31087 HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

PHP RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31091 HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Debian Linux
NVD GitHub
CVSS 3.1
7.7
EPSS
1.4%
CVE-2022-31090 HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Debian Linux
NVD GitHub
CVSS 3.1
7.7
EPSS
1.8%
CVE-2022-31103 HIGH PATCH This Week

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lettersanitizer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-31098 HIGH PATCH This Week

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Weave Gitops
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-31093 HIGH PATCH This Week

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Next Auth
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31089 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28622 HIGH This Week

A potential security vulnerability has been identified in HPE StoreOnce Software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Storeonce 3640 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28168 HIGH This Week

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-28166 HIGH This Week

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 &. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-26477 HIGH PATCH This Week

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Systemds
NVD
CVSS 3.1
7.5
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy