Skip to main content
CVE-2022-37393 HIGH POC Act Now

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Collaboration
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2022-35011 HIGH POC This Week

PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflate_fast at /src/inffast.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pngdec
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36310 HIGH POC This Week

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Airvelocity 1500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-36309 HIGH POC THREAT This Week

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Airvelocity 1500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
24.1%
CVE-2022-38238 HIGH POC This Week

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38237 HIGH POC This Week

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38236 HIGH POC This Week

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38231 HIGH POC This Week

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38229 HIGH POC This Week

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38228 HIGH POC This Week

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38227 HIGH POC This Week

XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37781 HIGH POC This Week

fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Fdkaac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36144 HIGH POC This Week

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64_encode. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swfmill
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36143 HIGH POC This Week

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.part at /sanitizer_common/sanitizer_common_interceptors.inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swfmill
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36142 HIGH POC This Week

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swfmill
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36139 HIGH POC This Week

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swfmill
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-35003 HIGH POC This Week

JPEGDEC commit be4843c was discovered to contain a global buffer overflow via ucDitherBuffer at /src/jpeg.inl. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jpegdec
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34998 HIGH POC This Week

JPEGDEC commit be4843c was discovered to contain a global buffer overflow via JPEGDecodeMCU at /src/jpeg.inl. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jpegdec
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2833 HIGH POC PATCH This Week

Endless Infinite loop in Blender-thumnailing due to logical bugs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Blender
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-2832 HIGH POC PATCH This Week

A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Blender
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-2831 HIGH POC PATCH This Week

A flaw was found in Blender 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Blender
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-24950 HIGH POC PATCH This Week

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Race Condition Information Disclosure Eternal Terminal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24949 HIGH POC PATCH This Week

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Race Condition Privilege Escalation Buffer Overflow Eternal Terminal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-24951 HIGH POC This Week

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Eternal Terminal
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-34255 HIGH PATCH This Week

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Magento
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-34254 HIGH PATCH This Week

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Path Traversal Adobe Commerce Magento
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-2661 HIGH This Week

Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Portbloque S Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-38362 HIGH PATCH This Week

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Docker Apache Airflow Providers Docker
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-35239 HIGH This Week

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36312 HIGH This Week

Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Airvelocity 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38184 HIGH This Week

There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35734 HIGH This Week

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Hulu
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-33939 HIGH This Week

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Centum Cs 3000 Cp401 Firmware Centum Cs 3000 Cp451 Firmware Centum Cs 3000 Cp33 Firmware Centum Cs 3000 Cp345 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-38216 HIGH PATCH This Week

An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Maps Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34253 HIGH PATCH This Week

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Commerce Magento
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2022-36381 HIGH This Week

OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wi Fi Network Adaptor Wap 001 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-36293 HIGH This Week

Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Wi Fi Network Adaptor Wap 001 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy