Skip to main content
CVE-2022-36601 CRITICAL POC Act Now

The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jasminer X4 Server Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36672 CRITICAL POC Act Now

Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Novel Plus
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36603 HIGH POC This Week

InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE T3T Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-36602 HIGH POC This Week

InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE A10 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1902 HIGH POC This Week

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Red Hat Privilege Escalation Advanced Cluster Security
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36373 HIGH POC This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mp3 Jplayer
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2639 HIGH POC PATCH This Week

An integer coercion error was found in the openvswitch kernel module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-36604 HIGH POC This Week

An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Avalon Asic Miner Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-32743 HIGH POC This Week

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Samba Fedora
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36671 HIGH POC This Week

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Novel Plus
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-36676 HIGH POC This Week

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-36675 HIGH POC This Week

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-36674 HIGH POC This Week

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-2447 MEDIUM POC This Month

A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Keystone Openstack Platform Quay Storage
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2022-36583 MEDIUM POC This Month

DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36130 CRITICAL Act Now

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Privilege Escalation Boundary
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2022-34379 CRITICAL PATCH Act Now

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Dell Cloudlink
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1615 MEDIUM POC PATCH This Month

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Samba Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38790 MEDIUM POC This Month

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitops
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3072 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-2663 MEDIUM POC This Month

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-34372 CRITICAL PATCH Act Now

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Dell Authentication Bypass Powerprotect Cyber Recovery
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-37435 HIGH PATCH This Week

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords.4.2 and 2.4.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Apache Information Disclosure Shenyu
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36054 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36053 HIGH This Week

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-36052 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-34380 HIGH PATCH This Week

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Dell Cloudlink
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-36773 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-2320 HIGH PATCH This Week

A flaw was found in the Xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow X Server
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-2319 HIGH PATCH This Week

A flaw was found in the Xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow X Server
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36622 HIGH PATCH This Week

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Samsung Null Pointer Dereference Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36621 HIGH This Week

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Null Pointer Dereference Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2738 HIGH This Week

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Red Hat RCE Use After Free Enterprise Linux Server +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-30614 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-2996 HIGH PATCH This Week

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Python Scciclient Debian Linux
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-1729 HIGH PATCH This Week

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. Rated high severity (CVSS 7.0).

Linux Information Disclosure Linux Kernel Hci Baseboard Management Controller
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-2403 MEDIUM PATCH This Month

A credentials leak was found in the OpenShift Container Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openshift
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2308 MEDIUM This Month

A flaw was found in vDPA with VDUSE backend. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Kernel
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-2238 MEDIUM This Month

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Red Hat SQLi Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1632 MEDIUM This Month

An Improper Certificate Validation attack was found in Openshift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Openshift Container Platform Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-28199 MEDIUM This Month

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Data Plane Development Kit
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-36055 MEDIUM PATCH This Month

Helm is a tool for managing Charts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-36449 MEDIUM This Month

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1677 MEDIUM PATCH This Month

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Openshift Container Platform
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2022-36796 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS WordPress Callrail Phone Call Tracking
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-3078 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-2806 MEDIUM PATCH This Month

It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sos Log Collector
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3061 MEDIUM PATCH This Month

Found Linux Kernel flaw in the i740 driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36355 MEDIUM This Month

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Easy Org Chart
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2739 MEDIUM This Month

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Red Hat Enterprise Linux Server Enterprise Linux Workstation Podman
NVD
CVSS 3.1
5.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy