Skip to main content
CVE-2022-34132 CRITICAL POC PATCH Act Now

Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-31887 CRITICAL POC Act Now

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Marval Msm
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31885 CRITICAL POC THREAT Act Now

Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Marval Msm
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
31.3%
CVE-2022-31106 CRITICAL POC PATCH Act Now

Underscore.deep is a collection of Underscore mixins that operate on nested objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Underscore Deep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31056 CRITICAL POC Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Glpi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
8.6%
CVE-2022-33108 HIGH POC This Week

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-0624 HIGH POC PATCH This Week

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Parse Path
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2022-31884 MEDIUM POC This Month

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marval Msm
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-31886 MEDIUM POC This Month

Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Marval Msm
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-31108 MEDIUM POC PATCH This Month

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mermaid
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-31230 CRITICAL Act Now

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31061 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
50.9%
CVE-2022-2231 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-23896 MEDIUM POC PATCH This Month

Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admidio
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0085 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Dompdf
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-34134 HIGH PATCH This Week

Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-31883 HIGH This Week

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Marval Msm
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23763 HIGH This Week

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Neors
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-30707 HIGH This Week

Violation of secure design principles exists in the communication of CAMS for HIS. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Centum Cs 3000 Firmware Centum Cs 3000 Entry Class Firmware Centum Vp Firmware Centum Vp Entry Class Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29858 MEDIUM POC PATCH This Month

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Assets
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2022-2145 HIGH This Week

Cloudflare WARP client for Windows (up to v. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28621 HIGH This Week

A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nonstop Distributed Systems Management Software Configuration Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34750 HIGH This Week

An issue was discovered in MediaWiki through 1.38.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mediawiki
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29519 HIGH This Week

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Stardom Fcj Firmware Stardom Fcn Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-30563 HIGH This Week

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2022-30560 HIGH This Week

When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2022-30997 HIGH This Week

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Stardom Fcj Firmware Stardom Fcn Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-24444 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.10 allows Session Fixation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Silverstripe
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31052 MEDIUM PATCH This Month

Synapse is an open source home server implementation for the Matrix chat network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-34133 MEDIUM PATCH This Month

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-30561 MEDIUM This Month

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-31104 MEDIUM PATCH This Month

Wasmtime is a standalone runtime for WebAssembly. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cranelift Codegen Wasmtime
NVD GitHub
CVSS 3.1
5.6
EPSS
1.6%
CVE-2022-25238 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-31068 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-31229 MEDIUM This Month

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-30562 MEDIUM This Month

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2022-0987 LOW Monitor

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Packagekit Enterprise Linux
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy