Skip to main content
CVE-2022-2518 HIGH This Week

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Stockists Manager For Woocommerce
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-2540 HIGH PATCH This Week

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

XSS PHP WordPress CSRF Link Optimizer Lite
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-35847 HIGH This Week

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Fortisoar
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-23684 HIGH This Week

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Privilege Escalation Aos Cx
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-23680 HIGH This Week

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Aos Cx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-23679 HIGH This Week

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Aos Cx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-31020 HIGH PATCH This Week

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Indy Node
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-34883 HIGH This Week

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Docker Command Injection Raid Manager Storage Replication Adapter
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2432 MEDIUM POC PATCH This Month

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF WordPress Ecwid Ecommerce Shopping Cart
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-23451 HIGH PATCH This Week

An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Denial Of Service Barbican Openstack Platform
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-2429 HIGH This Week

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Ultimate Sms Notifications For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2022-38176 HIGH This Week

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Safeq
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-26861 HIGH This Week

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware M15 R6 Firmware Chengming 3980 Firmware Chengming 3988 Firmware +396
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26860 HIGH This Week

Dell BIOS versions contain a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Inspiron 7501 Firmware Latitude 3420 Firmware Inspiron 5502 Firmware Latitude 7400 2 In 1 Firmware Latitude 3520 Firmware +398
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26858 HIGH This Week

Dell BIOS versions contain an Improper Authentication vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Inspiron 7501 Firmware Latitude 3420 Firmware Inspiron 5502 Firmware Latitude 7400 2 In 1 Firmware Latitude 3520 Firmware +396
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36044 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36043 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36041 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36040 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Python Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36042 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36039 HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Rizin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36038 HIGH PATCH This Week

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Circuitverse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-31791 HIGH This Week

WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30298 HIGH This Week

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Python Privilege Escalation Fortisoar
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2735 HIGH PATCH This Week

A vulnerability was found in the PCS project. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Pcs Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-29058 HIGH This Week

An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection SQLi Fortiap Fortiap S Fortiap U +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-26469 HIGH This Week

In MtkEmail, there is a possible escalation of privilege due to fragment injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23682 HIGH This Week

Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Command Injection Aos Cx
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-23681 HIGH This Week

Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Command Injection Aos Cx
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-2442 HIGH PATCH This Week

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
7.2
EPSS
2.8%
CVE-2022-36065 HIGH PATCH This Week

GrowthBook is an open-source platform for feature flagging and A/B testing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Google Python Path Traversal RCE Growthbook
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-37185 HIGH This Week

SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft PHP SQLi Ems
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-32264 HIGH PATCH This Week

sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-service (DoS) vulnerability due to improper handling of TSopt on TCP connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2433 HIGH PATCH This Week

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress PHP Ajax Load More
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-28885 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Linux Security
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-28884 HIGH This Week

A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Business Suite Elements Endpoint Protection Internet Gatekeeper Linux Security
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-27664 HIGH PATCH This Week

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2022-27491 HIGH This Week

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-40112 HIGH This Week

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40110 HIGH This Week

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37841 HIGH This Week

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A860R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2438 HIGH PATCH This Week

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Broken Link Checker
NVD VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-2717 HIGH PATCH This Week

The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Joomsport
NVD VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-2718 HIGH PATCH This Week

The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Joomsport
NVD VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-23683 HIGH This Week

Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Aos Cx
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-26859 HIGH This Week

Dell BIOS contains a race condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Dell Alienware M15 R6 Firmware Chengming 3980 Firmware Chengming 3988 Firmware +396
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-23691 MEDIUM This Month

A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Aruba Authentication Bypass Aos Cx
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-26470 MEDIUM This Month

In aie, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26467 MEDIUM This Month

In rpmb, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26466 MEDIUM This Month

In audio ipi, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy