Skip to main content
CVE-2022-35167 HIGH POC This Week

Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Cloud Print Management
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36170 HIGH POC This Week

MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Igserver
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36579 HIGH POC This Week

Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wellcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36577 HIGH POC This Week

An issue was discovered in jizhicms v2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jizhicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36225 HIGH POC This Week

EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36224 HIGH POC This Week

XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xunruicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-35909 HIGH POC PATCH This Week

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Jellyfin
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2886 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Laravel 5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Laravel
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36171 HIGH POC This Week

MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mapgis Igserver
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-2889 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0225. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36263 HIGH POC This Week

StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Streamlabs Desktop
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2022-36157 HIGH PATCH This Week

XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36009 HIGH PATCH This Week

gomatrixserverlib is a Go library for matrix protocol federation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Dendrite Gomatrixserverlib
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2793 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electric S Proficy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-2792 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Electric S Proficy
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-23460 HIGH This Week

Jsonxx or Json++ is a JSON parser, writer and reader written in C++. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Json
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2075 HIGH PATCH This Week

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2074 HIGH PATCH This Week

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2049 HIGH PATCH This Week

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Octopus Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2788 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Path Traversal Electric S Proficy
NVD
CVSS 3.1
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy