Skip to main content
CVE-2022-36642 CRITICAL POC Act Now

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Omnia Mpx Node Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.6%
CVE-2022-36594 CRITICAL POC Act Now

Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mapper
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36636 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36071 HIGH POC PATCH This Week

SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sftpgo
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-31196 HIGH POC PATCH This Week

Databasir is a database metadata management platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Databasir
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3065 HIGH POC PATCH This Week

Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36078 HIGH POC PATCH This Week

Binary provides encoding/decoding in Borsh and other formats. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36076 HIGH POC PATCH This Week

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PostgreSQL CSRF Redis Node.js Nodebb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36754 HIGH POC This Week

Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Expense Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-36593 MEDIUM POC This Month

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kkfileview
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-36640 CRITICAL PATCH Act Now

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Influxdb
NVD VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-36759 CRITICAL Act Now

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Food Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-34371 CRITICAL PATCH Act Now

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-25668 CRITICAL Act Now

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +143
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25659 CRITICAL Act Now

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +151
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25658 CRITICAL Act Now

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +142
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25657 CRITICAL Act Now

Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +104
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-22096 CRITICAL PATCH Act Now

Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Qualcomm Buffer Overflow Aqt1000 Firmware Qca6390 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38054 CRITICAL PATCH Act Now

In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Session Fixation Airflow
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-29063 CRITICAL PATCH Act Now

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Atlassian Deserialization RCE Ofbiz
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-25371 CRITICAL PATCH Act Now

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Apache Path Traversal RCE Ofbiz
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-36609 CRITICAL Act Now

Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Clinic S Patient Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-36647 MEDIUM POC This Month

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Davs2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36639 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Garage Management System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36637 MEDIUM POC This Month

Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Garage Management System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36638 MEDIUM POC This Month

An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Garage Management System
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22062 CRITICAL Act Now

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware +197
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2022-39194 MEDIUM POC This Month

An issue was discovered in the MediaWiki through 1.38.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mediawiki
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-39176 HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Bluez Ubuntu Linux Debian Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-39177 HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Bluez Ubuntu Linux Debian Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-37679 MEDIUM POC This Month

Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Miniblog Core
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-36600 MEDIUM POC This Month

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blogengine Net
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-39170 HIGH PATCH This Week

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libdwarf Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-31176 HIGH PATCH This Week

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Grafana Grafana Image Renderer
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-34382 HIGH PATCH This Week

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Privilege Escalation Alienware Update Command Update Update
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-25680 HIGH This Week

Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Msm8996au Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22106 HIGH This Week

Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sa8540p Firmware Sa9000p Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22104 HIGH This Week

Memory corruption in multimedia due to improper check on the messages received. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8096Au Firmware Msm8996au Firmware Qam8295p Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22102 HIGH This Week

Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Qca6574au Firmware Qca6696 Firmware Sa6145p Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22100 HIGH This Week

Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Apq8096Au Firmware Qam8295p Firmware +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22099 HIGH This Week

Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sa8540p Firmware Sa9000p Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22098 HIGH This Week

Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8096Au Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22097 HIGH PATCH This Week

Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption Qualcomm Use After Free +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22080 HIGH PATCH This Week

Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Qualcomm Buffer Overflow Apq8053 Firmware Apq8096Au Firmware +110
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22070 HIGH This Week

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Aqt1000 Firmware Ar8031 Firmware +143
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22069 HIGH This Week

Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware +84
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22067 HIGH This Week

Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware +56
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-22061 HIGH This Week

Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22059 HIGH This Week

Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware +93
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39189 HIGH PATCH This Week

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Hci Baseboard Management Controller
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy