Skip to main content
CVE-2022-31660 HIGH POC PATCH Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Identity Manager One Access Access Connector +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-24023 HIGH POC This Week

A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linkhub Mesh Wifi Ac1200
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-21201 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Linkhub Mesh Wifi Ac1200
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-2680 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2678 HIGH POC This Week

A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Alphaware E Commerce System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2667 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2636 HIGH POC PATCH This Week

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Control Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32543 HIGH POC This Week

An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Alyac
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-29886 HIGH POC This Week

An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Alyac
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1158 HIGH POC This Week

A flaw was found in KVM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Linux Kernel Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-37415 HIGH POC This Week

The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Sparkio Sys
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27660 HIGH POC This Week

A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Linkhub Mesh Wifi Ac1200
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-27633 HIGH POC This Week

An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linkhub Mesh Wifi Ac1200
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-27630 HIGH POC This Week

An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linkhub Mesh Wifi Ac1200
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-27185 HIGH POC This Week

A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Linkhub Mesh Wifi Ac1200
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2626 HIGH POC PATCH This Week

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-37398 HIGH This Week

A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Adm
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-33201 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MailerLite - Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Mailerlite Signup Forms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-25649 HIGH This Week

Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Affiliate For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2673 HIGH This Week

A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Booking And Hotel Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2672 HIGH This Week

A vulnerability was found in SourceCodester Garage Management System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Garage Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2671 HIGH This Week

A vulnerability was found in SourceCodester Garage Management System and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Garage Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2665 HIGH This Week

A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Simple E Learning System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-1012 HIGH This Week

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Kernel
NVD
CVSS 3.1
8.2
EPSS
3.0%
CVE-2022-2326 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-31614 HIGH PATCH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Nvidia Information Disclosure Denial Of Service Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31609 HIGH PATCH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Nvidia Authentication Bypass Information Disclosure Denial Of Service Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22299 HIGH PATCH This Week

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Fortinet Authentication Bypass Fortiadc Fortimail Fortiproxy +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27535 HIGH This Week

Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Vpn Secure Connection
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36840 HIGH This Week

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Update
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36833 HIGH This Week

Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Gameoptimizingservice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31664 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31661 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34768 HIGH This Week

insert HTML / js code inside input how to get to the vulnerable input : Workers &gt; worker nickname &gt; inject in this input the code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Supersmart Me Walk Through
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-31662 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal VMware Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2501 HIGH This Week

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-2498 HIGH This Week

An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2053 HIGH PATCH This Week

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integration Camel K Jboss Fuse Undertow
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2668 HIGH PATCH This Week

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Single Sign On
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-31665 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE VMware Identity Manager One Access Identity Manager Connector
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-31659 HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE VMware SQLi Identity Manager One Access +2
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-31658 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE VMware Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-1973 HIGH This Week

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +6
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-33732 HIGH This Week

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-33731 HIGH This Week

Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy