Skip to main content
CVE-2022-37181 CRITICAL POC Act Now

72crm 9.0 has an Arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wukong Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37178 HIGH POC This Week

An issue was discovered in 72crm 9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wukong Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36633 HIGH POC PATCH THREAT This Week

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Teleport
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
49.5%
CVE-2022-37418 MEDIUM POC This Month

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Nissan Firmware Kia Firmware Hyundai Firmware
NVD VulDB
CVSS 3.1
6.4
EPSS
2.0%
CVE-2022-37305 MEDIUM POC This Month

The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Honda Firmware
NVD
CVSS 3.1
6.4
EPSS
0.9%
CVE-2022-36945 MEDIUM POC This Month

The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mazda Firmware
NVD
CVSS 3.1
6.4
EPSS
0.9%
CVE-2022-37153 MEDIUM POC This Month

An issue was discovered in Artica Proxy 4.30.000000. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Artica Proxy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-32839 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Ipados Iphone Os +4
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-20122 CRITICAL Act Now

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Use After Free Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-38078 CRITICAL Act Now

Movable Type XMLRPC API provided by Six Apart Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection Movable Type
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32893 HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +7
NVD
CVSS 3.1
8.8
EPSS
9.8%
CVE-2022-2234 HIGH PATCH This Week

An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Mypro
NVD
CVSS 3.1
8.8
EPSS
41.5%
CVE-2022-37333 HIGH PATCH This Week

SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Exment Laravel Admin
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-38132 HIGH This Week

Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Linksys Command Injection Mr8300 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-34838 HIGH This Week

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Abb Zenon
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2018-14519 MEDIUM POC This Month

An issue was discovered in Kirby 2.5.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Kirby
NVD Exploit-DB VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-34836 HIGH This Week

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Zenon
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2022-32894 HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +3
NVD
CVSS 3.1
7.8
EPSS
3.3%
CVE-2022-32840 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Privilege Escalation Ipados Iphone Os +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-32837 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-32813 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32812 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-32811 HIGH This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32810 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +3
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-2978 HIGH This Week

A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32793 HIGH This Week

Multiple out-of-bounds write issues were addressed with improved bounds checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Ipados Iphone Os +4
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-27812 HIGH This Week

Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-25903 HIGH PATCH This Week

The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24375 HIGH PATCH This Week

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Node Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-4040 MEDIUM PATCH This Month

A flaw was found in AMQ Broker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Amq Broker Artemis
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
8.8%
CVE-2022-34837 MEDIUM This Month

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Abb Zenon
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-2569 MEDIUM PATCH This Month

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Pcvue
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-32838 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-32834 MEDIUM This Month

An access issue was addressed with improvements to the sandbox. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-33172 MEDIUM PATCH This Month

de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass De Fac2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38089 MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Exment Laravel Admin
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-38080 MEDIUM PATCH This Month

Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Exment Laravel Admin
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-32857 MEDIUM This Month

This issue was addressed by using HTTPS when sending information over the network. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy