Skip to main content
CVE-2022-37042 CRITICAL POC KEV PATCH THREAT Act Now

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Zimbra Collaboration Suite
NVD
CVSS 3.1
9.8
EPSS
88.3%
CVE-2022-35949 CRITICAL POC PATCH Act Now

undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Node.js Undici
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-2804 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Zoo Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zoo Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2803 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Zoo Management System and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Zoo Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35559 CRITICAL POC THREAT Act Now

A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda RCE Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.9%
CVE-2022-35555 CRITICAL POC THREAT Act Now

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
25.0%
CVE-2022-2779 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gas Agency Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35943 HIGH POC PATCH This Week

Shield is an authentication and authorization framework for CodeIgniter 4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Codeigniter Shield
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2621 HIGH POC This Week

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-37423 HIGH POC PATCH This Week

Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awesome Procedures On Cypher
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-35561 HIGH POC This Week

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35560 HIGH POC This Week

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35558 HIGH POC This Week

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35557 HIGH POC This Week

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2503 MEDIUM POC This Month

Dm-verity is used for extending root-of-trust to root filesystems. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linux Kernel
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-35953 MEDIUM POC This Month

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Bookwyrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2800 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gym Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35942 CRITICAL PATCH Act Now

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL SQLi Loopback Connector Postgresql
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2022-35956 CRITICAL PATCH Act Now

This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Update By Case
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-37397 CRITICAL Act Now

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Yugabytedb
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2802 CRITICAL Act Now

A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gas Agency Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-2801 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Automated Beer Parlour Billing System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-2587 CRITICAL Act Now

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2797 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Student Information System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-2624 HIGH This Week

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2623 HIGH This Week

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2620 HIGH This Week

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2617 HIGH This Week

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2614 HIGH This Week

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2613 HIGH This Week

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2609 HIGH This Week

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2608 HIGH This Week

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2607 HIGH This Week

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2606 HIGH This Week

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2604 HIGH This Week

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2603 HIGH This Week

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-35590 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-35589 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-35587 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-35585 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-28632 HIGH This Week

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-28631 HIGH This Week

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-20362 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20283 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20254 HIGH This Week

In Wi-Fi, there is a permissions bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-28628 HIGH This Week

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2022-28627 HIGH This Week

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2022-2390 HIGH PATCH This Week

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Google Play Services Software Development Kit
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2022-28629 HIGH This Week

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20331 HIGH This Week

In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google XSS Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy