Skip to main content
CVE-2022-33108 HIGH POC This Week

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-0624 HIGH POC PATCH This Week

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Parse Path
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2022-34134 HIGH PATCH This Week

Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-31883 HIGH This Week

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Marval Msm
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23763 HIGH This Week

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Neors
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-30707 HIGH This Week

Violation of secure design principles exists in the communication of CAMS for HIS. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Centum Cs 3000 Firmware Centum Cs 3000 Entry Class Firmware Centum Vp Firmware Centum Vp Entry Class Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2145 HIGH This Week

Cloudflare WARP client for Windows (up to v. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28621 HIGH This Week

A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nonstop Distributed Systems Management Software Configuration Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34750 HIGH This Week

An issue was discovered in MediaWiki through 1.38.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mediawiki
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29519 HIGH This Week

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Stardom Fcj Firmware Stardom Fcn Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-30563 HIGH This Week

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2022-30560 HIGH This Week

When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2022-30997 HIGH This Week

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Stardom Fcj Firmware Stardom Fcn Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy