Skip to main content
CVE-2022-2143 CRITICAL POC THREAT Emergency

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iview
NVD
CVSS 3.1
9.8
EPSS
59.2%
CVE-2022-34115 CRITICAL POC PATCH Act Now

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34113 CRITICAL POC PATCH Act Now

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25759 CRITICAL POC PATCH Act Now

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Convert Svg Core
NVD GitHub
CVSS 3.1
9.8
EPSS
9.2%
CVE-2022-34983 CRITICAL POC PATCH Act Now

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Scu Captcha
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34981 CRITICAL POC PATCH Act Now

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pycrowdtangle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34114 HIGH POC PATCH This Week

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dataease
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-0980 HIGH POC This Week

Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-0979 HIGH POC This Week

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0978 HIGH POC This Week

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-31163 HIGH POC PATCH This Week

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Tzinfo Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-2493 HIGH POC PATCH This Week

Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-33901 HIGH POC This Week

Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Path Traversal Multisafepay Plugin For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-34037 HIGH POC This Week

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Caddy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-34112 MEDIUM POC PATCH This Month

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dataease
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34503 MEDIUM POC This Month

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Qpdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-2470 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-36131 MEDIUM POC This Month

The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian XSS Better Pdf Exporter
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34839 CRITICAL Act Now

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Oauth2 Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34982 CRITICAL PATCH Act Now

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Eziod
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34509 CRITICAL Act Now

The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Wikifaces
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34501 CRITICAL Act Now

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Pypi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34500 CRITICAL Act Now

The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Pypi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2139 CRITICAL Act Now

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2022-34520 MEDIUM POC This Month

Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34502 MEDIUM POC This Month

Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2494 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-33960 HIGH PATCH This Week

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Social Share Buttons
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-30998 HIGH This Week

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Homepage Product Organizer For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-27235 HIGH PATCH This Week

Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Privilege Escalation Social Share Buttons
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-31168 HIGH PATCH This Week

Zulip is an open source team chat tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Zulip
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2495 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-29495 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Popup Builder
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-2327 HIGH PATCH This Week

io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28879 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Protection Atlant Cloud Protection For Salesforce Elements Collaboration Protection +3
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-28878 HIGH This Week

A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Protection Atlant Cloud Protection For Salesforce Elements Collaboration Protection +3
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-2138 HIGH This Week

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Information Disclosure Iview
NVD
CVSS 3.1
7.5
EPSS
10.9%
CVE-2022-2135 HIGH This Week

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
10.1%
CVE-2022-31172 HIGH PATCH This Week

OpenZeppelin Contracts is a library for smart contract development. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Contracts
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-31170 HIGH PATCH This Week

OpenZeppelin Contracts is a library for smart contract development. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Contracts
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31169 HIGH PATCH This Week

Wasmtime is a standalone runtime for WebAssembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cranelift Codegen Wasmtime
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31164 HIGH PATCH This Week

Tovy is a a staff management system for Roblox groups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Tovy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31162 HIGH PATCH This Week

Slack Morphism is an async client library for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slack Morphism
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-20912 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20911 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20910 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +4
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20904 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20903 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20902 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-20901 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Rv215W Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy