Skip to main content
CVE-2022-35857 CRITICAL POC Act Now

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Authentication Bypass RCE Kvf Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-28888 CRITICAL POC Act Now

Spryker Commerce OS 1.4.2 allows Remote Command Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cloud Commerce
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2022-32114 HIGH POC This Week

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Strapi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-34753 HIGH POC PATCH THREAT This Week

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Spacelogic C Bus Home Controller Firmware
NVD
CVSS 3.1
8.8
EPSS
71.1%
CVE-2022-32117 HIGH POC This Week

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34756 CRITICAL PATCH Act Now

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Easergy P5 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-20238 CRITICAL PATCH Act Now

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20229 CRITICAL PATCH Act Now

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-20222 CRITICAL PATCH Act Now

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-20216 CRITICAL Act Now

android exported is used to set third-party app access permissions, and the default value of intent-filter is true. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-32073 CRITICAL PATCH Act Now

WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Wolfssh
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-32065 MEDIUM POC PATCH This Month

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS File Upload Ruoyi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-32274 MEDIUM POC This Month

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian The Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-20223 HIGH PATCH This Week

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20220 HIGH PATCH This Week

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20218 HIGH This Week

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20212 HIGH This Week

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-34764 HIGH PATCH This Week

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-34763 HIGH PATCH This Week

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-34762 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34761 HIGH PATCH This Week

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34760 HIGH PATCH This Week

A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34759 HIGH PATCH This Week

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22982 HIGH This Week

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware SSRF Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20236 HIGH PATCH This Week

A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20234 HIGH PATCH This Week

In Car Settings app, the NotificationAccessConfirmationActivity is exported. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-20224 HIGH PATCH This Week

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32096 HIGH PATCH This Week

Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Rhonabwy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31781 HIGH PATCH This Week

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tapestry
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-34754 MEDIUM PATCH This Month

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Acti9 Powertag Link C A9Xelc10 A Firmware Acti9 Powertag Link C A9Xelc10 B Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-31145 MEDIUM PATCH This Month

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Flyteadmin
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-20228 MEDIUM PATCH This Month

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Google Use After Free Information Disclosure +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20221 MEDIUM PATCH This Month

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20217 MEDIUM This Month

There is a unauthorized broadcast in the SprdContactsProvider. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-32308 MEDIUM PATCH This Month

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Ublock Origin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32074 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Osticket
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.4%
CVE-2022-2380 MEDIUM PATCH This Month

The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20230 MEDIUM PATCH This Month

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20227 MEDIUM PATCH This Month

In USB driver, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20225 MEDIUM PATCH This Month

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20219 MEDIUM This Month

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Java Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-34358 MEDIUM PATCH This Month

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34765 MEDIUM PATCH This Month

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-34757 MEDIUM PATCH This Month

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Easergy P5 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-34758 MEDIUM PATCH This Month

A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Easergy P5 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-20226 LOW PATCH Monitor

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
3.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy