Skip to main content
CVE-2022-32417 CRITICAL POC THREAT Act Now

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Pbootcms
NVD GitHub
CVSS 3.1
9.8
EPSS
33.3%
CVE-2022-32409 CRITICAL POC THREAT Act Now

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal I3Geo
NVD GitHub
CVSS 3.1
9.8
EPSS
12.6%
CVE-2022-28375 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28373 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Indoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28369 CRITICAL POC Act Now

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-32415 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-28374 HIGH POC This Week

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-32298 HIGH POC This Week

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Toybox
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-32297 HIGH POC This Week

Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Piwigo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-28377 HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-28372 HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28371 HIGH POC This Week

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lvskihp Indoorunit Firmware Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-28370 HIGH POC This Week

On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lvskihp Outdoorunit Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-32416 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32215 MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling Llhttp Node Js +4
NVD
CVSS 3.1
6.5
EPSS
68.8%
CVE-2022-32214 MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling Llhttp Node Js +2
NVD
CVSS 3.1
6.5
EPSS
81.5%
CVE-2022-32213 MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling Llhttp Node Js +4
NVD
CVSS 3.1
6.5
EPSS
42.0%
CVE-2022-32210 MEDIUM POC PATCH This Month

`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Undici
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-34094 MEDIUM POC This Month

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I3Geo
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2022-34093 MEDIUM POC This Month

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I3Geo
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2022-34092 MEDIUM POC This Month

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I3Geo
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-29593 MEDIUM POC THREAT This Month

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Dt R004 Firmware
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
12.9%
CVE-2022-30113 CRITICAL Act Now

Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Electronic Mall System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32406 MEDIUM POC This Month

GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Gtkradiant
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-32317 MEDIUM POC This Month

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Mplayer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-2396 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32222 MEDIUM POC This Month

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

OpenSSL Node.js Information Disclosure Node Js Sinec Ins
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-30024 HIGH This Week

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Buffer Overflow RCE Tl Wr841 Firmware Tl Wr841n Firmware +1
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-25801 CRITICAL PATCH Act Now

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Request Tracker For Incident Response
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-25800 CRITICAL PATCH Act Now

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Request Tracker For Incident Response
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-32212 HIGH This Week

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Command Injection Node.js Node Js Debian Linux +2
NVD
CVSS 3.1
8.1
EPSS
5.9%
CVE-2022-32389 HIGH This Week

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Swift
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31147 HIGH PATCH This Week

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jquery Validation
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-31142 HIGH PATCH This Week

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bearer Auth
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-22460 HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22453 HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-22452 HIGH PATCH This Week

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Verify Governance
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-28876 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Cloud Protection For Salesforce Elements Collaboration Protection Internet Gatekeeper +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-32323 HIGH PATCH This Week

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Autotrace Fedora
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2022-32223 HIGH PATCH This Week

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Microsoft OpenSSL Node.js Information Disclosure Node Js
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2022-23825 MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Fedora Athlon X4 750 Firmware +123
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2406 MEDIUM This Month

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2401 MEDIUM PATCH This Month

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35283 MEDIUM PATCH This Month

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Security Verify Information Queue
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-22477 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32225 MEDIUM PATCH This Month

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Management Pack
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25803 MEDIUM PATCH This Month

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Request Tracker
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25802 MEDIUM PATCH This Month

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Request Tracker
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2393 MEDIUM This Month

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pki Core Certificate System Enterprise Linux
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2022-1662 MEDIUM PATCH This Month

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Convert2Rhel
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy