Skip to main content
CVE-2022-31814 CRITICAL POC THREAT Emergency

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pfblockerng
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
87.2%
CVE-2022-39824 HIGH POC This Week

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appsmith
NVD GitHub
CVSS 3.1
8.9
EPSS
0.9%
CVE-2022-3008 HIGH POC PATCH This Week

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Tinygltf Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-39838 HIGH POC This Week

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Systematic Fix Adapter Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2022-39843 HIGH POC This Week

123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Lotus 1 2 3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-39832 HIGH POC This Week

An issue was discovered in PSPP 1.6.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Pspp Fedora
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39831 HIGH POC This Week

An issue was discovered in PSPP 1.6.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Pspp Fedora
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2083 HIGH POC This Week

The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Simple Sign On
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39830 HIGH POC This Week

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-39829 HIGH POC This Week

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Null Pointer Dereference Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-39828 HIGH POC This Week

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2565 HIGH POC This Week

The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Payment Donations Subscriptions
NVD WPScan
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-39196 MEDIUM POC This Month

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Blackboard Learn
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-2543 MEDIUM POC This Month

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Visual Portfolio Photo Gallery Post Grid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3123 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Dokuwiki Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-3122 CRITICAL Act Now

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Clinic S Patient Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2830 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gravityzone
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3120 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Clinic S Patient Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2775 MEDIUM POC This Month

The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fastflow
NVD WPScan
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-38750 MEDIUM POC PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-3127 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2597 MEDIUM POC This Month

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Visual Portfolio Photo Gallery Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2376 MEDIUM POC This Month

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Directorist
NVD WPScan
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-30331 HIGH This Week

The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Tigergraph
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3121 HIGH This Week

A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Online Employee Leave Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-38369 HIGH PATCH This Week

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Session Fixation Iotdb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-39051 HIGH This Week

Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-39840 MEDIUM POC This Month

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cotonti Siena
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39839 MEDIUM POC This Month

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cotonti Siena
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-2657 MEDIUM POC This Month

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Multivendor Marketplace Solution For Woocommerce Wc Marketplace
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38370 HIGH PATCH This Week

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Grafana Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-38752 MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-38751 MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38749 MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-39842 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.19. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Buffer Overflow Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-38367 MEDIUM This Month

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian User Export For Jira
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-2271 MEDIUM This Month

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Database Backup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39050 MEDIUM This Month

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-39049 MEDIUM This Month

An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy