Skip to main content
CVE-2022-36456 HIGH POC This Week

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-2255 HIGH POC PATCH This Week

A vulnerability was found in mod_wsgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mod Wsgi Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31798 MEDIUM POC This Month

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation XSS PHP Emerge E3 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
6.7%
CVE-2022-37161 MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Claroline
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-28747 CRITICAL Act Now

Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Titan Inbox Detection Response
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2980 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-37292 MEDIUM POC This Month

Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36527 MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37162 MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Claroline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37160 MEDIUM POC This Month

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Claroline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37238 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37245 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37244 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37243 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37241 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37239 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36119 HIGH This Week

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Blue Prism
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-20921 HIGH This Week

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Aci Multi Site Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-20824 HIGH This Week

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow RCE Stack Overflow +141
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-32744 HIGH PATCH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Samba
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2031 HIGH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-32427 HIGH This Week

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows Client
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-20823 HIGH This Week

A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Nexus 3016 Firmware Nexus 3016Q Firmware +144
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-32745 HIGH PATCH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Samba
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-2465 HIGH PATCH This Week

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Rockwell Deserialization RCE Isagraf Workbench
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2464 HIGH PATCH This Week

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Rockwell Path Traversal Isagraf Workbench
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2463 HIGH PATCH This Week

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Rockwell Path Traversal Isagraf Workbench
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2022-0135 HIGH PATCH This Week

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption RCE Denial Of Service Buffer Overflow Virglrenderer +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-22728 HIGH This Week

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Buffer Overflow Libapreq2 Fedora +1
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-36115 HIGH This Week

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Blue Prism
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-2959 HIGH PATCH This Week

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). Rated high severity (CVSS 7.0).

Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-20865 MEDIUM This Month

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower 4110 Firmware Firepower 4112 Firmware Firepower 4115 Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-2991 MEDIUM PATCH This Month

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Linux RCE Heap Overflow Buffer Overflow Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-37316 MEDIUM This Month

Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-23715 MEDIUM This Month

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic Elastic Cloud Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-37318 MEDIUM This Month

Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37953 MEDIUM This Month

An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Workstationst
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-37952 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Workstationst
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-37317 MEDIUM This Month

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-32746 MEDIUM PATCH This Month

A flaw was found in the Samba AD LDAP server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Samba
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-36118 MEDIUM This Month

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Blue Prism
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-36116 MEDIUM This Month

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Blue Prism
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-23235 MEDIUM PATCH This Month

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure VMware Active Iq Unified Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-36358 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Seo Scout
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-32742 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-36117 LOW Monitor

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Blue Prism
NVD
CVSS 3.1
3.1
EPSS
0.6%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy