Skip to main content
CVE-2022-33098 MEDIUM POC THREAT This Month

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.5%.

XSS Magnolia Cms
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
50.5%
Threat
4.2
CVE-2022-34592 CRITICAL POC Act Now

Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn575A3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-32449 CRITICAL POC THREAT Act Now

TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex300 V2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
18.4%
CVE-2022-32056 CRITICAL POC Act Now

Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Accreditation Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-32054 CRITICAL POC THREAT Act Now

Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda RCE Command Injection Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
31.7%
CVE-2022-32207 CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-25046 CRITICAL POC THREAT Act Now

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Webpanel
NVD GitHub
CVSS 3.1
9.8
EPSS
53.5%
CVE-2022-25048 HIGH POC THREAT This Week

Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
18.6%
CVE-2022-2191 HIGH POC PATCH This Week

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jetty
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-32058 HIGH POC This Week

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr741N Firmware Tl Wr742N Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32055 HIGH POC This Week

Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inout Homestay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2339 HIGH POC PATCH This Week

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Nocodb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31854 HIGH POC THREAT This Week

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Codoforum
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
32.2%
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2022-34007 MEDIUM POC This Month

EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Integrity Line
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-32208 MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
5.9
EPSS
6.8%
CVE-2022-25047 MEDIUM POC This Month

The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2022-33936 CRITICAL Act Now

Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Cloud Mobility For Dell Emc Storage
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-32441 MEDIUM POC This Month

A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ida
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32567 MEDIUM POC This Month

The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Jira Misc Custom Fields
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2342 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Outline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-32061 MEDIUM POC This Month

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Snipe It
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-32060 MEDIUM POC This Month

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Snipe It
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-33996 HIGH This Week

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-33680 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
1.7%
CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-32481 HIGH PATCH This Week

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Docker Powerprotect Cyber Recovery
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2048 HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-31135 HIGH PATCH This Week

Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Akashi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-31121 HIGH PATCH This Week

Hyperledger Fabric is a permissioned distributed ledger framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fabric
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-31136 MEDIUM PATCH This Month

Bookwyrm is an open source social reading and reviewing program. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bookwyrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31029 MEDIUM PATCH This Month

AdminLTE is a Pi-hole Dashboard for stats and configuration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adminlte
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-31133 MEDIUM PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Humhub
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-28889 MEDIUM PATCH This Month

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Druid
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2022-2047 LOW PATCH Monitor

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +3
NVD GitHub
CVSS 3.1
2.7
EPSS
1.2%
CVE-2022-23744 LOW Monitor

Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Checkpoint Information Disclosure Endpoint Security Harmony Endpoint
NVD
CVSS 3.1
2.3
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy