Skip to main content
CVE-2022-34835 CRITICAL POC PATCH CISA Act Now

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow U Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
Threat
5.5
CVE-2022-33329 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-33328 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-33327 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-33326 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-33325 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-33314 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-33313 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-33312 CRITICAL POC Act Now

Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-32585 CRITICAL POC Act Now

A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-28127 CRITICAL POC THREAT Act Now

A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure R1510 Firmware
NVD
CVSS 3.1
9.1
EPSS
35.2%
CVE-2022-31115 HIGH POC PATCH This Week

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Elastic Opensearch
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-2257 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-33087 HIGH POC This Week

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption TP-Link Buffer Overflow Archer A5 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-33082 HIGH POC PATCH This Week

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Policy Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-33085 HIGH POC This Week

ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Espcms P8
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-2058 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-2057 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-2056 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-2197 CRITICAL Act Now

By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rme1 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-22487 CRITICAL PATCH Act Now

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Spectrum Protect Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-33043 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Urtracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34793 HIGH This Week

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Recipe
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22472 HIGH This Week

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes IBM Red Hat Spectrum Protect Plus Container Backup And Restore
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1955 MEDIUM POC This Month

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Session
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-23720 HIGH This Week

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-31112 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2022-23718 HIGH This Week

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-34792 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Recipe
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-22474 HIGH PATCH This Week

IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Spectrum Protect Client
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-34816 MEDIUM This Month

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hpe Network Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34810 MEDIUM This Month

A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rqm
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34809 MEDIUM This Month

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Rqm
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34807 MEDIUM This Month

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic Jenkins Elasticsearch Query
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34806 MEDIUM This Month

Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Jigomerge
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34805 MEDIUM This Month

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Skype Notifier
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34794 MEDIUM This Month

Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Recipe
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34789 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Matrix Reloaded
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34781 MEDIUM PATCH This Month

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Xebialabs Xl Release
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34780 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Xebialabs Xl Release
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-22496 MEDIUM PATCH This Month

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-26135 MEDIUM This Month

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Atlassian Jira Data Center Jira Server Jira Service Desk +1
NVD
CVSS 3.1
6.5
EPSS
71.2%
CVE-2022-23719 MEDIUM This Month

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. Rated medium severity (CVSS 6.4). No vendor patch available.

Denial Of Service Java Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-23725 MEDIUM This Month

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-23717 MEDIUM This Month

PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22478 MEDIUM PATCH This Month

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-2078 MEDIUM PATCH This Month

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Stack Overflow Linux Buffer Overflow Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-1852 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Linux Null Pointer Dereference Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34795 MEDIUM This Month

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Deployment Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34791 MEDIUM This Month

Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Validating Email Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy