Skip to main content
CVE-2022-36636 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36071 HIGH POC PATCH This Week

SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sftpgo
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-31196 HIGH POC PATCH This Week

Databasir is a database metadata management platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Databasir
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3065 HIGH POC PATCH This Week

Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36078 HIGH POC PATCH This Week

Binary provides encoding/decoding in Borsh and other formats. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36076 HIGH POC PATCH This Week

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

PostgreSQL CSRF Redis Node.js Nodebb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36754 HIGH POC This Week

Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Expense Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-39176 HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Bluez Ubuntu Linux Debian Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-39177 HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Bluez Ubuntu Linux Debian Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-39170 HIGH PATCH This Week

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libdwarf Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-31176 HIGH PATCH This Week

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Grafana Grafana Image Renderer
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-34382 HIGH PATCH This Week

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Privilege Escalation Alienware Update Command Update Update
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-25680 HIGH This Week

Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Msm8996au Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22106 HIGH This Week

Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sa8540p Firmware Sa9000p Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22104 HIGH This Week

Memory corruption in multimedia due to improper check on the messages received. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8096Au Firmware Msm8996au Firmware Qam8295p Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22102 HIGH This Week

Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Qca6574au Firmware Qca6696 Firmware Sa6145p Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22100 HIGH This Week

Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Apq8096Au Firmware Qam8295p Firmware +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22099 HIGH This Week

Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sa8540p Firmware Sa9000p Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22098 HIGH This Week

Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8096Au Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22097 HIGH PATCH This Week

Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption Qualcomm Use After Free +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22080 HIGH PATCH This Week

Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Qualcomm Buffer Overflow Apq8053 Firmware Apq8096Au Firmware +110
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22070 HIGH This Week

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Aqt1000 Firmware Ar8031 Firmware +143
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22069 HIGH This Week

Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware +84
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22067 HIGH This Week

Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware +56
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-22061 HIGH This Week

Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware +30
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22059 HIGH This Week

Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware +93
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39189 HIGH PATCH This Week

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Hci Baseboard Management Controller
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31152 HIGH PATCH This Week

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-34369 HIGH PATCH This Week

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29158 HIGH PATCH This Week

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Atlassian Denial Of Service Ofbiz
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25813 HIGH PATCH This Week

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ssti Information Disclosure Apache Ofbiz
NVD
CVSS 3.1
7.5
EPSS
67.3%
CVE-2022-37458 HIGH This Week

Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy