Skip to main content
CVE-2022-2431 HIGH POC PATCH This Week

The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE WordPress PHP Download Manager
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-2633 HIGH POC PATCH THREAT This Week

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF WordPress PHP All In One Video Gallery
NVD
CVSS 3.1
8.2
EPSS
25.9%
CVE-2022-38530 HIGH POC This Week

GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38529 HIGH POC This Week

tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tinyexr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3134 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0389. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-25308 HIGH POC This Week

A stack-based buffer overflow flaw was found in the Fribidi package. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Fribidi Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36064 HIGH POC PATCH This Week

Shescape is a shell escape package for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Shescape
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36058 HIGH POC PATCH This Week

Elrond go is the go implementation for the Elrond Network protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Elrond Go
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31790 HIGH POC This Week

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-2901 HIGH POC PATCH This Week

Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chatwoot
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-2434 HIGH PATCH This Week

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP String Locator
NVD VulDB
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-2436 HIGH PATCH This Week

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Download Manager
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-2233 HIGH PATCH This Week

The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Banner Cycler
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2541 HIGH PATCH This Week

The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

XSS WordPress PHP CSRF Ucontext For Amazon
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2542 HIGH PATCH This Week

The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP XSS WordPress CSRF Ucontext For Clickbank
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2518 HIGH This Week

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Stockists Manager For Woocommerce
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-2540 HIGH PATCH This Week

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

XSS PHP WordPress CSRF Link Optimizer Lite
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-35847 HIGH This Week

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Fortisoar
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-23684 HIGH This Week

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Privilege Escalation Aos Cx
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-23680 HIGH This Week

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Aos Cx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-23679 HIGH This Week

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Aos Cx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-31020 HIGH PATCH This Week

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Indy Node
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-34883 HIGH This Week

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Docker Command Injection Raid Manager Storage Replication Adapter
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-23451 HIGH PATCH This Week

An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Denial Of Service Barbican Openstack Platform
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-2429 HIGH This Week

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Ultimate Sms Notifications For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2022-38176 HIGH This Week

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Safeq
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-26861 HIGH This Week

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware M15 R6 Firmware Chengming 3980 Firmware Chengming 3988 Firmware +396
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26860 HIGH This Week

Dell BIOS versions contain a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Inspiron 7501 Firmware Latitude 3420 Firmware Inspiron 5502 Firmware Latitude 7400 2 In 1 Firmware Latitude 3520 Firmware +398
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26858 HIGH This Week

Dell BIOS versions contain an Improper Authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Inspiron 7501 Firmware Latitude 3420 Firmware Inspiron 5502 Firmware Latitude 7400 2 In 1 Firmware Latitude 3520 Firmware +396
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36044 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36043 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36041 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36040 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Python Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36042 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36039 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36038 HIGH PATCH This Week

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Circuitverse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-31791 HIGH This Week

WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30298 HIGH This Week

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Python Privilege Escalation Fortisoar
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2735 HIGH PATCH This Week

A vulnerability was found in the PCS project. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Pcs Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-29058 HIGH This Week

An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection SQLi Fortiap Fortiap S Fortiap U +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-26469 HIGH This Week

In MtkEmail, there is a possible escalation of privilege due to fragment injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23682 HIGH This Week

Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Command Injection Aos Cx
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-23681 HIGH This Week

Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Command Injection Aos Cx
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-2442 HIGH PATCH This Week

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
7.2
EPSS
2.8%
CVE-2022-36065 HIGH PATCH This Week

GrowthBook is an open-source platform for feature flagging and A/B testing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Google Python Path Traversal RCE Growthbook
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-37185 HIGH This Week

SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft PHP SQLi Ems
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-32264 HIGH PATCH This Week

sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2433 HIGH PATCH This Week

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress PHP Ajax Load More
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-28885 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Linux Security
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-28884 HIGH This Week

A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Business Suite Elements Endpoint Protection Internet Gatekeeper Linux Security
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy