Skip to main content
CVE-2022-31137 CRITICAL POC PATCH THREAT Act Now

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Apache Command Injection Nginx Roxy Wi
NVD GitHub
CVSS 3.1
9.8
EPSS
90.4%
CVE-2022-35411 CRITICAL POC PATCH THREAT Act Now

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Rpc Py
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
45.9%
CVE-2022-33011 HIGH POC This Week

Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Known
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-2345 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0046. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-2344 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-2343 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-35410 HIGH POC PATCH This Week

mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mat2 Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-32115 MEDIUM POC This Month

An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Known
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-34914 CRITICAL Act Now

Webswing before 22.1.3 allows X-Forwarded-For header injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Webswing
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28623 CRITICAL Act Now

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Red Hat Icewall Sso Certd
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-1245 CRITICAL PATCH Act Now

A privilege escalation flaw was found in the token exchange feature of keycloak. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Microsoft Keycloak
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-31290 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Known
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-22476 HIGH PATCH This Week

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Open Liberty Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-30852 MEDIUM POC This Month

Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Known
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-22465 HIGH PATCH This Week

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22464 HIGH PATCH This Week

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22463 MEDIUM PATCH This Month

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22370 MEDIUM PATCH This Month

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Verify Access
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34306 MEDIUM PATCH This Month

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34167 MEDIUM PATCH This Month

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34166 MEDIUM PATCH This Month

IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34160 MEDIUM PATCH This Month

IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-35412 MEDIUM This Month

Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Digital Guardian
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-28624 MEDIUM This Month

A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flexnetwork 5130 Ei Firmware Flexfabric 5945 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-35406 MEDIUM PATCH This Month

A URL disclosure issue was discovered in Burp Suite before 2022.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Burp Suite
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy