Skip to main content
CVE-2022-38359 HIGH POC This Week

Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Eyes Of Network Web
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-38357 HIGH POC This Week

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Eyes Of Network Web
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-35624 HIGH POC This Week

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nrf5 Sdk For Mesh
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-35623 HIGH POC This Week

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nrf5 Sdk For Mesh
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-2818 HIGH POC PATCH This Week

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2381 HIGH POC This Week

The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP E Unlocked Student Result
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2820 HIGH POC PATCH This Week

Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Nameless
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-2817 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0213. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2816 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38223 HIGH POC This Week

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow W3M Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-2819 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-33990 HIGH POC This Week

Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dproxy Nexgen
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33988 HIGH POC This Week

dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Dproxy Nexgen
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2822 HIGH POC PATCH This Week

An attacker can freely brute force username and password and can takeover any account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2821 HIGH POC PATCH This Week

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nameless
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2379 HIGH POC This Week

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Easy Student Results
NVD WPScan
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-2354 HIGH POC This Week

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Dbmanager
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-38368 HIGH This Week

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gateway
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37401 HIGH PATCH This Week

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-37400 HIGH PATCH This Week

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36006 HIGH This Week

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Arvados
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-28756 HIGH This Week

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34711 HIGH This Week

Windows Defender Credential Guard Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-36526 HIGH This Week

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Go Rt Ac750 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-36524 HIGH This Week

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Go Rt Ac750 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-38187 HIGH This Week

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-33992 HIGH This Week

DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domain Name Relay Daemon
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-2813 HIGH This Week

A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Guest Management System
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-35822 HIGH This Week

Windows Defender Credential Guard Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy