Skip to main content
CVE-2022-1565 HIGH POC PATCH THREAT Act Now

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

RCE PHP File Upload Wp All Import
NVD Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
51.8%
Threat
4.5
CVE-2022-33891 HIGH POC KEV PATCH THREAT Act Now

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection Spark
NVD
CVSS 3.1
8.8
EPSS
93.0%
CVE-2022-34635 CRITICAL POC Act Now

The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-27434 CRITICAL POC Act Now

UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Teta
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34029 CRITICAL POC Act Now

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Buffer Overflow Information Disclosure Njs
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-24688 HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi File Upload Dsknet
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-24690 HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dsknet
NVD GitHub
CVSS 3.1
8.2
EPSS
1.0%
CVE-2022-2437 CRITICAL PATCH Act Now

The Feed Them Social - for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Feed Them Social
NVD VulDB
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-34035 HIGH POC PATCH This Week

HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34033 HIGH POC PATCH This Week

HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34032 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34031 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34030 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34028 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-34027 HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32450 HIGH POC This Week

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anydesk
NVD VulDB
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-24691 HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dsknet
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-2101 MEDIUM POC PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Download Manager
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-35741 CRITICAL PATCH Act Now

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service SSRF Apache XXE Cloudstack
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2022-30623 CRITICAL Act Now

The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass P5E Gnss Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-34643 MEDIUM POC This Month

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spike Risc V Isa Simulator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34642 MEDIUM POC This Month

The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 contains the incorrect mask which can cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Spike Risc V Isa Simulator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34641 MEDIUM POC PATCH This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Riscvc Boom Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34640 MEDIUM POC This Month

The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34639 MEDIUM POC PATCH This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34637 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34636 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34634 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34633 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather create an exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-24692 MEDIUM POC This Month

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Dsknet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2444 HIGH PATCH This Week

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP WordPress Visualizer
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-2400 MEDIUM POC PATCH This Month

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dompdf
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-24689 MEDIUM POC This Month

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dsknet
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-34632 CRITICAL PATCH Act Now

Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rocket Chip Generator
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-2435 HIGH This Week

The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF Anymind Widget
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2001 HIGH PATCH This Week

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Dx Share Selection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2039 HIGH PATCH This Week

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Free Live Chat Support
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2443 HIGH This Week

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress CSRF Freemind Wp Browser
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-1912 HIGH PATCH This Week

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Button Widget Smartsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-26120 HIGH This Week

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortiadc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-26117 HIGH PATCH This Week

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Brute Force Information Disclosure Fortinac
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-34890 HIGH This Week

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-30620 HIGH This Week

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cellinx Nvt Ip Ptz Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-34889 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-35404 HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager Manageengine Network Configuration Manager Manageengine Netflow Analyzer +1
NVD
CVSS 3.1
8.2
EPSS
3.8%
CVE-2022-28683 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28682 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28680 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28679 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28678 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy