Skip to main content
CVE-2022-25048 HIGH POC THREAT This Week

Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Webpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
18.6%
CVE-2022-2191 HIGH POC PATCH This Week

In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jetty
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-32058 HIGH POC This Week

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr741N Firmware Tl Wr742N Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32055 HIGH POC This Week

Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inout Homestay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2339 HIGH POC PATCH This Week

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Nocodb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31854 HIGH POC THREAT This Week

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Codoforum
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
32.2%
CVE-2022-33996 HIGH This Week

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-33680 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
1.7%
CVE-2022-32481 HIGH PATCH This Week

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dell Docker Powerprotect Cyber Recovery
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2048 HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-31135 HIGH PATCH This Week

Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Akashi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-31121 HIGH PATCH This Week

Hyperledger Fabric is a permissioned distributed ledger framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fabric
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy