Skip to main content
CVE-2022-31115 HIGH POC PATCH This Week

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Elastic Opensearch
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-2257 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-33087 HIGH POC This Week

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption TP-Link Buffer Overflow Archer A5 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-33082 HIGH POC PATCH This Week

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Policy Agent
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-33085 HIGH POC This Week

ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Espcms P8
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-34793 HIGH This Week

Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Recipe
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22472 HIGH This Week

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes IBM Red Hat Spectrum Protect Plus Container Backup And Restore
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-23720 HIGH This Week

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-31112 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2022-23718 HIGH This Week

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-34792 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Recipe
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-22474 HIGH PATCH This Week

IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Spectrum Protect Client
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy