Skip to main content
CVE-2022-2946 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0246. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1513 HIGH This Week

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Command Injection Pcmanager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-36394 HIGH This Week

Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Contest Gallery
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36389 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Better Messages
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36379 HIGH This Week

Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yukassa For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36292 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Gallery Photoblocks
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36288 HIGH This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Download Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-31676 HIGH PATCH This Week

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Tools Debian Linux Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2938 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-35203 HIGH This Week

An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tv Ip572Pi Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-28883 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Protection Atlant Cloud Protection For Salesforce Elements Collaboration Protection +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-28882 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Protection Atlant Cloud Protection For Salesforce Elements Collaboration Protection +3
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25888 HIGH PATCH This Week

The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-25761 HIGH PATCH This Week

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Open62541 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25304 HIGH PATCH This Week

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Asyncua Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25302 HIGH This Week

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Opc Ua Stack
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-25231 HIGH PATCH This Week

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Node Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24381 HIGH This Week

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Opc Ua Stack
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24298 HIGH This Week

All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeopcua
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-21208 HIGH PATCH This Week

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-33916 HIGH PATCH This Week

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ua Net Standard Stack
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36285 HIGH This Week

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Uploading Svg Webp And Ico Files
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34486 HIGH PATCH This Week

Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Pukiwiki
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy