Skip to main content
CVE-2022-34918 HIGH POC PATCH Act Now

An issue was discovered in the Linux kernel through 5.18.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +6
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-34265 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Python Django
NVD
CVSS 3.1
9.8
EPSS
73.3%
CVE-2022-33171 CRITICAL POC PATCH THREAT Act Now

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Typeorm
NVD GitHub
CVSS 3.1
9.8
EPSS
20.3%
CVE-2022-2268 HIGH POC This Week

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Wp All Import
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-1967 MEDIUM POC This Month

The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Wp Championship
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1946 MEDIUM POC This Month

The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-0250 MEDIUM POC This Month

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Redirection For Contact Form 7
NVD WPScan
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-2301 MEDIUM POC PATCH This Month

Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Chafa
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-2300 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1301 MEDIUM POC This Month

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Contact Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-33948 HIGH This Week

HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Home Spot Cube 2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-34151 HIGH This Week

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nx701 1600 Firmware Nx701 1700 Firmware Nx701 Z700 Firmware Nx701 Z600 Firmware +53
NVD VulDB
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-31600 HIGH This Week

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Integer Overflow Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-31599 HIGH This Week

NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Nvidia Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29484 HIGH This Week

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-33208 HIGH This Week

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nx701 1600 Firmware Nx701 1700 Firmware Nx701 Z700 Firmware Nx701 Z600 Firmware +53
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-33971 HIGH This Week

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Nx701 1600 Firmware Nx701 1700 Firmware Nx701 Z700 Firmware Nx701 Z600 Firmware +48
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-34829 HIGH PATCH This Week

Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2022-32284 HIGH This Week

Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aw810D Firmware
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2022-31603 MEDIUM This Month

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure Dgx A100 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-31602 MEDIUM This Month

NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Nvidia Information Disclosure +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-31601 MEDIUM This Month

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Nvidia Information Disclosure +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-29892 MEDIUM This Month

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27627 MEDIUM This Month

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-26368 MEDIUM This Month

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-28713 MEDIUM This Month

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-29513 MEDIUM This Month

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-29471 MEDIUM This Month

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-29467 MEDIUM This Month

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-28718 MEDIUM This Month

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-28692 MEDIUM This Month

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27807 MEDIUM This Month

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27803 MEDIUM This Month

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-27661 MEDIUM This Month

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-26054 MEDIUM This Month

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-26051 MEDIUM This Month

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy