Skip to main content
CVE-2022-35517 HIGH POC This Week

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn572Hp3 Firmware Wn533A8 Firmware Wn530H4 Firmware Wn535G3 Firmware +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2022-25973 HIGH POC This Week

All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mc Kill Port
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36923 HIGH POC This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2022-32189 HIGH POC PATCH This Week

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-36324 HIGH CISA Act Now

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scalance M 800 Firmware Scalance S615 Firmware Scalance W700 Ieee 802 11Ax Firmware Scalance W700 Ieee 802 11N Firmware +80
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-37024 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager +4
NVD
CVSS 3.1
8.8
EPSS
78.3%
CVE-2022-31673 HIGH PATCH This Week

VMware vRealize Operations contains an information disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Information Disclosure VMware Vrealize Operations
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-20347 HIGH PATCH This Week

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-20345 HIGH This Week

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-33928 HIGH This Week

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-0028 HIGH KEV THREAT This Week

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
8.6
EPSS
2.0%
CVE-2022-32245 HIGH This Week

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-2458 HIGH This Week

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Process Automation Manager
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2022-20816 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Unified Communications Manager
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-30580 HIGH PATCH This Week

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Code Injection Go
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-25793 HIGH This Week

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow 3ds Max
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-20360 HIGH PATCH This Week

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20356 HIGH PATCH This Week

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20354 HIGH PATCH This Week

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20349 HIGH PATCH This Week

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20348 HIGH PATCH This Week

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20792 HIGH This Week

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Clamav
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-37008 HIGH This Week

The recovery module has a vulnerability of bypassing the verification of an update package before use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-37007 HIGH This Week

The chinadrm module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37006 HIGH This Week

Permission control vulnerability in the network module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37005 HIGH This Week

The Settings application has an argument injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-37004 HIGH This Week

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37001 HIGH This Week

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-35290 HIGH This Week

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Authenticator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31675 HIGH PATCH This Week

VMware vRealize Operations contains an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Vrealize Operations
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-30635 HIGH PATCH This Week

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-30633 HIGH PATCH This Week

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-30632 HIGH PATCH This Week

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-30631 HIGH PATCH This Week

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-30630 HIGH PATCH This Week

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29804 HIGH PATCH This Week

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Go
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-28881 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Detection And Response Elements Endpoint Protection Atlant Cloud Protection For Salesforce +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-28131 HIGH PATCH This Week

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora Cloud Insights Telegraf
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-35715 HIGH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-33930 HIGH This Week

Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-20866 HIGH This Week

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
16.6%
CVE-2022-34661 HIGH This Week

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teamcenter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31780 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31779 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-31778 HIGH This Week

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.0.0 to 9.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-28129 HIGH This Week

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25763 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Traffic Server Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31672 HIGH PATCH This Week

VMware vRealize Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Vrealize Operations
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-22369 HIGH This Week

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Workload Scheduler
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-20344 HIGH PATCH This Week

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. Rated high severity (CVSS 7.0).

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy