Skip to main content
CVE-2022-30929 HIGH POC This Week

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Information Disclosure Mini Tmall
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-31129 HIGH POC PATCH This Week

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Moment Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
4.9%
CVE-2022-30591 HIGH POC This Week

quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Quic Go
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-28935 HIGH POC This Week

Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware A3100R Firmware A950rg Firmware A800R Firmware +2
NVD
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-20859 HIGH This Week

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service Unity Connection
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-30619 HIGH This Week

Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Agilepoint Nx
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-21768 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-21767 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-24138 HIGH This Week

IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure RCE Path Traversal Advanced Systemcare
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24139 HIGH This Week

In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Advanced System Care
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-23714 HIGH This Week

A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Elastic Endpoint Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-21777 HIGH This Week

In Autoboot, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-26078 HIGH This Week

Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Controller 6000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-33738 HIGH This Week

OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvpn Access Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33737 HIGH This Week

The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvpn Access Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22681 HIGH This Week

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Session Fixation Synology Photo Station
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20082 HIGH This Week

In GPU, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Denial Of Service Android
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy