Skip to main content
CVE-2022-1565 HIGH POC PATCH THREAT Act Now

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.8%.

RCE PHP File Upload Wp All Import
NVD Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
51.8%
Threat
4.5
CVE-2022-33891 HIGH POC KEV PATCH THREAT Act Now

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection Spark
NVD
CVSS 3.1
8.8
EPSS
93.0%
CVE-2022-24688 HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi File Upload Dsknet
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-24690 HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dsknet
NVD GitHub
CVSS 3.1
8.2
EPSS
1.0%
CVE-2022-34035 HIGH POC PATCH This Week

HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34033 HIGH POC PATCH This Week

HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34032 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34031 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34030 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34028 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-34027 HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32450 HIGH POC This Week

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anydesk
NVD VulDB
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-24691 HIGH POC This Week

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dsknet
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-2444 HIGH PATCH This Week

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP WordPress Visualizer
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-2435 HIGH This Week

The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP CSRF Anymind Widget
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2001 HIGH PATCH This Week

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Dx Share Selection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2039 HIGH PATCH This Week

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Free Live Chat Support
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2443 HIGH This Week

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress CSRF Freemind Wp Browser
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-1912 HIGH PATCH This Week

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Button Widget Smartsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-26120 HIGH This Week

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortiadc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-26117 HIGH PATCH This Week

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Brute Force Information Disclosure Fortinac
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-34890 HIGH This Week

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-30620 HIGH This Week

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cellinx Nvt Ip Ptz Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-34889 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-35404 HIGH PATCH This Week

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zoho Manageengine Opmanager Manageengine Network Configuration Manager Manageengine Netflow Analyzer +1
NVD
CVSS 3.1
8.2
EPSS
3.8%
CVE-2022-28683 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28682 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28680 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28679 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28678 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28677 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28676 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28675 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28674 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28673 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28672 HIGH POC This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-28671 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-28670 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-28669 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-34902 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Access
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34901 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Access
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34900 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE OpenSSL Parallels Access
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-34899 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Access
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34892 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34891 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32387 HIGH PATCH This Week

In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Xperience
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-23745 HIGH This Week

A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Capsule Workspace
NVD
CVSS 3.1
7.5
EPSS
14.9%
CVE-2022-30627 HIGH This Week

This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass P5E Gnss Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-30626 HIGH This Week

Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P5E Gnss Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-30624 HIGH This Week

Browsing the admin.html page allows the user to reset the admin password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass P5E Gnss Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy