Skip to main content
CVE-2022-2631 HIGH POC PATCH This Week

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Tooljet
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-37035 HIGH POC This Week

An issue was discovered in bgpd in FRRouting (FRR) 8.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Information Disclosure Frrouting
NVD GitHub
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-35923 HIGH POC PATCH This Week

v8n is a javascript validation library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service V8N
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-34924 HIGH POC This Week

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Landray Office Automation
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-25867 HIGH POC PATCH This Week

The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Socket Io Client Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29154 HIGH POC This Week

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Fedora
NVD GitHub
CVSS 3.1
7.4
EPSS
1.7%
CVE-2022-34625 HIGH POC This Week

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mealie
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2022-35421 HIGH POC This Week

Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-35217 HIGH This Week

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Health Insurance Web Service Component
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29808 HIGH This Week

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy