Skip to main content
CVE-2022-26352 CRITICAL POC KEV THREAT Emergency

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Dotcms
NVD
CVSS 3.1
9.8
EPSS
91.5%
CVE-2022-32985 CRITICAL POC Act Now

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gigaswitch 641 Desk V5 Sfp Vi Firmware Gigaswitch 642 Desk V5 Sfp 2Vi Firmware Gigaswitch V5 2Tp Pd F Sfp Vi 54Vdc Firmware Gigaswitch V5 2Tp Pse Sfp Vi 54Vdc Firmware +9
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31211 CRITICAL POC Act Now

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Iray A8Z3 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-26479 CRITICAL POC Act Now

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eagleeye Director Ii Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-26481 HIGH POC This Week

An issue was discovered in Poly Studio before 3.7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Studio X30 Firmware Studio X70 Firmware G7500 Firmware Studio X50 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-1672 HIGH POC This Week

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Insights From Google Pagespeed
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-31213 HIGH POC PATCH This Week

An issue was discovered in dbus-broker before 31. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Dbus Broker
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-31212 HIGH POC PATCH This Week

An issue was discovered in dbus-broker before 31. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Dbus Broker
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-26482 HIGH POC THREAT This Week

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eagleeye Director Ii Firmware
NVD
CVSS 3.1
7.2
EPSS
22.3%
CVE-2022-31202 MEDIUM POC This Month

The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Softguard Web
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-31260 MEDIUM POC This Month

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Resourcespace
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-2187 MEDIUM POC This Month

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Form 7 Captcha
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-2173 MEDIUM POC This Month

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Advanced Database Cleaner
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2168 MEDIUM POC This Month

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Download Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-2146 MEDIUM POC This Month

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Import Csv Files
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-2090 MEDIUM POC This Month

The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Discount Rules For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1933 MEDIUM POC This Month

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Collect And Deliver Interface For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-31210 CRITICAL Act Now

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iray A8Z3 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31209 CRITICAL Act Now

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Iray A8Z3 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-31201 MEDIUM POC This Month

SoftGuard Web (SGW) before 5.1.5 allows HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softguard Web
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30982 MEDIUM POC This Month

An issue was discovered in Gentics CMS before 5.43.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gentics Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2133 MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Oauth Single Sign On
NVD WPScan
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-2222 MEDIUM POC This Month

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal WordPress Information Disclosure Download Monitor
NVD WPScan
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-31208 HIGH This Week

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Iray A8Z3 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-30981 HIGH This Week

An issue was discovered in Gentics CMS before 5.43.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java RCE Gentics Cms
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30550 HIGH PATCH This Week

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Privilege Escalation Authentication Bypass Dovecot Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-32320 HIGH This Week

A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ferdium Ferdi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2194 MEDIUM POC This Month

The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Accept Stripe
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2186 MEDIUM POC This Month

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Post Notes
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2169 MEDIUM POC This Month

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Loading Page With Loading Screen
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2151 MEDIUM POC This Month

The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Best Contact Management Software
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2149 MEDIUM POC This Month

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Very Simple Breadcrumb
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2148 MEDIUM POC This Month

The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Linkedin Company Updates
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2118 MEDIUM POC This Month

The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress 404S
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2114 MEDIUM POC This Month

The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Data Tables Generator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2100 MEDIUM POC This Month

The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Page Generator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2099 MEDIUM POC PATCH This Month

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2144 MEDIUM POC This Month

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Jquery Validation For Contact Form 7
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-27933 HIGH This Week

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2022-26656 HIGH This Week

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2022-28809 HIGH This Week

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Buffer Overflow Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28808 HIGH This Week

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28807 HIGH This Week

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35861 HIGH PATCH This Week

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Pyenv
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33903 HIGH PATCH This Week

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Tor
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32263 HIGH This Week

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29286 HIGH This Week

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-27937 HIGH This Week

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-27936 HIGH This Week

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-27935 HIGH This Week

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pexip Infinity
NVD
CVSS 3.1
7.5
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy