Skip to main content
CVE-2022-34531 CRITICAL POC THREAT Act Now

DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
22.5%
CVE-2022-34496 CRITICAL POC Act Now

Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Hiby R3 Pro Firmware Hiby R3 Pro Saber Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2578 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Garage Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-34528 HIGH POC This Week

D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-34527 HIGH POC This Week

D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-2577 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36123 HIGH POC PATCH This Week

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel H300s Firmware H500s Firmware +3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-2414 HIGH POC PATCH THREAT This Week

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Dogtagpki
NVD GitHub
CVSS 3.1
7.5
EPSS
85.3%
CVE-2022-2576 HIGH POC PATCH This Week

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Californium
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24912 HIGH POC PATCH This Week

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Atlantis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-34526 MEDIUM POC This Month

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-22280 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall SQLi Analytics Global Management System
NVD
CVSS 3.1
9.8
EPSS
9.3%
CVE-2022-1799 CRITICAL Act Now

Incorrect signature trust exists within Google Play services SDK play-services-basement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Google Play Services Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-1277 CRITICAL Act Now

Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Solar Log
NVD VulDB
CVSS 3.1
9.4
EPSS
0.3%
CVE-2022-35643 CRITICAL PATCH Act Now

IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Powervm Virtual I O Server
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-2323 HIGH This Week

Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Sonicwall Command Injection Sws12 10Fpoe Firmware Sws12 8 Firmware +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-27864 HIGH PATCH This Week

A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Design Review
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-27866 HIGH This Week

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Design Review
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27865 HIGH PATCH This Week

A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Design Review
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-33881 HIGH This Week

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27873 HIGH This Week

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Fusion 360
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36447 HIGH This Week

An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Network Cat1 Standard
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2324 HIGH This Week

Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Sonicwall Authentication Bypass Hosted Email Security
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-35630 MEDIUM PATCH This Month

A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Velociraptor
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35631 MEDIUM PATCH This Month

On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Apple Velociraptor
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-35629 MEDIUM This Month

Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Velociraptor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2579 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Garage Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-23004 MEDIUM This Month

When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23003 MEDIUM This Month

When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23002 MEDIUM This Month

When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-23001 MEDIUM This Month

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sweet B
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-36378 MEDIUM This Month

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Floating Div
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35632 MEDIUM This Month

The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Velociraptor
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy