Skip to main content
CVE-2022-35943 HIGH POC PATCH This Week

Shield is an authentication and authorization framework for CodeIgniter 4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Codeigniter Shield
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2621 HIGH POC This Week

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-37423 HIGH POC PATCH This Week

Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awesome Procedures On Cypher
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-35561 HIGH POC This Week

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35560 HIGH POC This Week

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35558 HIGH POC This Week

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35557 HIGH POC This Week

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow W6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2624 HIGH This Week

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2623 HIGH This Week

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2620 HIGH This Week

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2617 HIGH This Week

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2614 HIGH This Week

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2613 HIGH This Week

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2609 HIGH This Week

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2608 HIGH This Week

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2607 HIGH This Week

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2606 HIGH This Week

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2604 HIGH This Week

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2603 HIGH This Week

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-28632 HIGH This Week

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-28631 HIGH This Week

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-20362 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20283 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20254 HIGH This Week

In Wi-Fi, there is a permissions bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-28628 HIGH This Week

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2022-28627 HIGH This Week

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2022-2390 HIGH PATCH This Week

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Google Play Services Software Development Kit
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2022-28629 HIGH This Week

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20331 HIGH This Week

In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google XSS Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20329 HIGH This Week

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20325 HIGH This Week

In Media, there is a possible code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation Memory Corruption RCE +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20319 HIGH This Week

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20297 HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20292 HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20286 HIGH This Week

In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20282 HIGH This Week

In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20281 HIGH This Week

In Core, there is a possible way to start an activity from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20274 HIGH This Week

In Keyguard, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20271 HIGH This Week

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20268 HIGH This Week

In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20258 HIGH This Week

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20302 HIGH This Week

In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2022-35980 HIGH PATCH This Week

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Elastic Opensearch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-37041 HIGH PATCH This Week

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Java Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-20308 HIGH This Week

In hostapd, there is a possible insecure configuration due to an insecure default value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-28636 HIGH This Week

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s):. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Denial Of Service Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2022-28635 HIGH This Week

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s):. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Denial Of Service Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2022-28633 HIGH This Week

A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-28630 HIGH This Week

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy