Skip to main content
CVE-2022-34567 HIGH POC This Week

An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Multi Image Analysis Gui
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2273 HIGH POC This Week

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Simple Membership
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2245 HIGH POC This Week

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Counter Box
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2184 HIGH POC This Week

The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF WordPress Path Traversal Captcha 4Wp
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2581 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2580 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2571 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-37315 HIGH POC PATCH This Week

graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphql Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35920 HIGH POC PATCH This Week

Sanic is an opensource python web server/framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Sanic
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-31173 HIGH POC PATCH This Week

Juniper is a GraphQL server library for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Juniper Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1585 HIGH POC This Week

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal PHP Project Source Code Download
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2591 HIGH POC This Week

A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Flex 1085 Firmware
NVD VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
6.7%
CVE-2022-34161 HIGH PATCH This Week

IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Cics Tx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-34154 HIGH This Week

Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Enable Svg Webp Ico Upload
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-26310 HIGH This Week

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-26309 HIGH This Week

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-31776 HIGH PATCH This Week

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Datapower Gateway
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-26429 HIGH This Week

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-35922 HIGH PATCH This Week

Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rust Websocket Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-31198 HIGH PATCH This Week

OpenZeppelin Contracts is a library for secure smart contract development. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31184 HIGH PATCH This Week

Discourse is the an open source discussion platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-36301 HIGH This Week

BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Bf Os
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-2509 HIGH This Week

A vulnerability found in gnutls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-22505 HIGH This Week

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-31195 HIGH PATCH This Week

DSpace open source software is a repository application which provides durable access to digital resources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Dspace
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-31194 HIGH PATCH This Week

DSpace open source software is a repository application which provides durable access to digital resources. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Dspace
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-36799 HIGH This Week

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Code Injection Jira Data Center Jira Server
NVD
CVSS 3.1
7.2
EPSS
44.6%
CVE-2022-30616 HIGH This Week

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy