Skip to main content
CVE-2022-2334 HIGH POC Act Now

The application searches for a library dll that is not found. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD GitHub
CVSS 3.1
7.2
EPSS
9.5%
CVE-2022-1373 HIGH POC THREAT Act Now

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD GitHub
CVSS 3.1
7.2
EPSS
10.2%
CVE-2022-35147 CRITICAL POC Act Now

DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Doracms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-23747 CRITICAL POC THREAT Act Now

In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xperia 1 Firmware Xperia 5 Firmware Xperia Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
10.0%
CVE-2022-35516 CRITICAL POC Act Now

DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-35121 CRITICAL POC Act Now

Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2870 CRITICAL POC Act Now

A vulnerability was found in laravel 5.1 and classified as problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Laravel
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36190 CRITICAL POC Act Now

GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35122 CRITICAL POC Act Now

An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gw1100 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2862 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0221. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-2849 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-31262 HIGH POC This Week

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Galaxy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2845 HIGH POC PATCH This Week

Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36186 HIGH POC This Week

A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36216 HIGH POC This Week

DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-36215 HIGH POC This Week

DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Dedecmsv6
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-35148 MEDIUM POC This Month

maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Maccms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-35151 MEDIUM POC This Month

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-2336 CRITICAL Act Now

Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23764 CRITICAL Act Now

The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webcube
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-22455 CRITICAL PATCH Act Now

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Governance
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-1400 CRITICAL Act Now

Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cmdb
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36191 MEDIUM POC This Month

A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2871 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Notrinoserp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1399 CRITICAL Act Now

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cmdb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-23765 HIGH This Week

This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nas1Dual Firmware Nas2Dual Firmware Nas4Dual Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-35117 MEDIUM POC This Month

Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clinic S Patient Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1410 HIGH This Week

OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cmdb
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-28752 HIGH This Week

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Jwt Attack Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-28751 HIGH This Week

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Apple Privilege Escalation Meetings
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-30262 HIGH This Week

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Controlwave Pac Firmware Controlwave Micro Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37459 HIGH This Week

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ampere Altra Firmware Ampere Altra Max Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2547 HIGH This Week

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-2337 HIGH This Week

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-2335 HIGH This Week

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1748 HIGH This Week

Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1069 HIGH This Week

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-38149 HIGH PATCH This Week

HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Consul Template
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-1401 HIGH This Week

Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cmdb
NVD
CVSS 3.1
7.5
EPSS
18.0%
CVE-2022-35133 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cherrytree
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2869 MEDIUM PATCH This Month

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2868 MEDIUM PATCH This Month

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2867 MEDIUM PATCH This Month

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2338 MEDIUM This Month

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-38392 MEDIUM This Month

Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 5400Rmp Oem Harddrive
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy