Skip to main content
CVE-2022-39824 HIGH POC This Week

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appsmith
NVD GitHub
CVSS 3.1
8.9
EPSS
0.9%
CVE-2022-3008 HIGH POC PATCH This Week

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Tinygltf Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-39838 HIGH POC This Week

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Systematic Fix Adapter Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2022-39843 HIGH POC This Week

123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Lotus 1 2 3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-39832 HIGH POC This Week

An issue was discovered in PSPP 1.6.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Pspp Fedora
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39831 HIGH POC This Week

An issue was discovered in PSPP 1.6.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Pspp Fedora
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2083 HIGH POC This Week

The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Simple Sign On
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39830 HIGH POC This Week

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-39829 HIGH POC This Week

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Null Pointer Dereference Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-39828 HIGH POC This Week

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2565 HIGH POC This Week

The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Payment Donations Subscriptions
NVD WPScan
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-30331 HIGH This Week

The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Tigergraph
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3121 HIGH This Week

A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Online Employee Leave Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-38369 HIGH PATCH This Week

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Session Fixation Iotdb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-39051 HIGH This Week

Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-38370 HIGH PATCH This Week

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Grafana Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy