Skip to main content
CVE-2022-32114 HIGH POC This Week

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Strapi
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-34753 HIGH POC PATCH THREAT This Week

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Spacelogic C Bus Home Controller Firmware
NVD
CVSS 3.1
8.8
EPSS
71.1%
CVE-2022-32117 HIGH POC This Week

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-20223 HIGH PATCH This Week

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20220 HIGH PATCH This Week

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20218 HIGH This Week

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20212 HIGH This Week

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-34764 HIGH PATCH This Week

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-34763 HIGH PATCH This Week

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-34762 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34761 HIGH PATCH This Week

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34760 HIGH PATCH This Week

A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34759 HIGH PATCH This Week

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22982 HIGH This Week

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware SSRF Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20236 HIGH PATCH This Week

A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Buffer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-20234 HIGH PATCH This Week

In Car Settings app, the NotificationAccessConfirmationActivity is exported. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-20224 HIGH PATCH This Week

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32096 HIGH PATCH This Week

Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Rhonabwy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31781 HIGH PATCH This Week

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tapestry
NVD
CVSS 3.1
7.5
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy