Skip to main content
CVE-2022-0977 CRITICAL POC Act Now

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
9.6
EPSS
0.8%
CVE-2022-0973 CRITICAL POC Act Now

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2022-0976 HIGH POC This Week

Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-0975 HIGH POC This Week

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0974 HIGH POC This Week

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0972 HIGH POC This Week

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0971 HIGH POC This Week

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-35899 HIGH POC This Week

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Aura Ready Game Software Development Kit
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-32430 HIGH POC This Week

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Java Lin Cms Spring Boot
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2022-31151 MEDIUM POC PATCH This Month

Authorization headers are cleared on cross-origin redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Undici
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34767 CRITICAL Act Now

Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone to Authorization bypass vulnerability - the password, located at "admin" allows changing the http[s]://wizardpwd.asp/cgi-bin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass All Wr0500Ac Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-0902 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Abb Path Traversal Command Injection Rmc 100 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
16.4%
CVE-2022-31234 CRITICAL PATCH Act Now

Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Emc Powerstore 500T Firmware Emc Powerstore 1200T Firmware Emc Powerstore 3200T Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-20858 CRITICAL Act Now

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass CSRF Cisco Nexus Dashboard
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-20857 CRITICAL Act Now

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass CSRF Cisco Nexus Dashboard
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-34487 MEDIUM POC This Month

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Shortcode Addons
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2022-33198 MEDIUM POC This Month

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Accordions
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2022-28666 MEDIUM POC This Month

Broken Access Control vulnerability in YIKES Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Custom Product Tabs For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-34367 HIGH This Week

Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dell Emc Data Protection Central
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-31146 HIGH PATCH This Week

Wasmtime is a standalone runtime for WebAssembly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Cranelift Codegen Wasmtime
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-20861 HIGH This Week

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass CSRF Cisco Nexus Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-33923 HIGH PATCH This Week

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Command Injection Emc Powerstore 500T Firmware Emc Powerstore 1200T Firmware Emc Powerstore 3200T Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32498 HIGH PATCH This Week

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Dell Powerstore Command Line Interface
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32556 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-20860 HIGH This Week

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cisco Nexus Dashboard
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-20891 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +3
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-28700 HIGH PATCH This Week

Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload Givewp
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-20890 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20889 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20888 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-20887 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-20886 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20885 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20884 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20883 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20882 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20881 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20880 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20879 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20878 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20877 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20876 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20875 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20874 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-20873 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-28877 MEDIUM This Month

This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE Elements Endpoint Protection
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-22555 MEDIUM This Month

Dell EMC PowerStore, contains an OS command injection Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerstore 500T Firmware Emc Powerstore 1200T Firmware Emc Powerstore 3200T Firmware +2
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2022-28861 MEDIUM This Month

The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Citilog
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-28860 MEDIUM This Month

An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Citilog
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-36313 MEDIUM POC PATCH This Month

A malformed MKV file can trigger an infinite loop in the file-type Node.js package (versions before 16.5.4 and 17.x before 17.1.3), causing application unresponsiveness and enabling denial-of-service attacks. The vulnerability affects the Sindresorhus file-type library, a widely-used dependency for file type detection, and requires only local access and user interaction to trigger (CVSS 5.5). With an EPSS score of 0.17% (38th percentile), actual exploitation probability remains relatively low despite the moderate severity rating.

Denial Of Service Node.js File Type
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy