Skip to main content
CVE-2022-39206 CRITICAL POC PATCH Act Now

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Code Injection Onedev
NVD GitHub
CVSS 3.1
9.9
EPSS
1.7%
CVE-2022-35413 CRITICAL POC PATCH THREAT Act Now

WAPPLES through 6.0 has a hardcoded systemi account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Wapples
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2022-38637 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2022-39205 CRITICAL POC PATCH Act Now

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Authentication Bypass Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38541 CRITICAL POC Act Now

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38616 HIGH POC This Week

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartvista Front End
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38305 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Aerocms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-37190 HIGH POC THREAT This Week

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Cuppacms
NVD GitHub
CVSS 3.1
8.8
EPSS
45.8%
CVE-2022-40623 HIGH POC This Week

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wn531G3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-40622 HIGH POC This Week

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn531G3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3179 HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Rdiffweb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-33679 HIGH POC This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
8.1
EPSS
8.1%
CVE-2022-38495 HIGH POC PATCH This Week

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lief
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38306 HIGH POC PATCH This Week

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lief
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2962 HIGH POC PATCH This Week

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-40621 HIGH POC This Week

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Wn531G3 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39208 HIGH POC PATCH This Week

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal Onedev
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-3174 HIGH POC PATCH This Week

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2990 HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buildah Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2989 HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-37191 MEDIUM POC This Month

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cuppacms
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-38771 CRITICAL Act Now

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mojodat Fixed Asset Management
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38768 CRITICAL Act Now

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mojodat Fixed Asset Management
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39815 CRITICAL Act Now

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Command Injection 1350 Optical Management System
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-20391 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20390 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20389 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20388 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20387 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20386 CRITICAL Act Now

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-20385 CRITICAL Act Now

a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-34722 CRITICAL Act Now

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-34721 CRITICAL Act Now

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
75.7%
CVE-2022-34718 CRITICAL Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
9.8
EPSS
48.1%
CVE-2022-38542 CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38540 CRITICAL Act Now

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38539 CRITICAL Act Now

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38538 CRITICAL Act Now

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38537 CRITICAL Act Now

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36779 CRITICAL Act Now

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G /. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection M330 W Firmware M330 W5 Firmware M350 5G Firmware M350 W5G Firmware +5
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-37011 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Saml
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38497 MEDIUM POC PATCH This Month

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lief
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38496 MEDIUM POC PATCH This Month

LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lief
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38307 MEDIUM POC PATCH This Month

LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lief
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3190 MEDIUM POC This Month

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2022-31861 MEDIUM POC This Month

Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Thingsboard
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39207 MEDIUM POC PATCH This Month

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Onedev
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-36780 MEDIUM POC This Month

Avdor CIS - crystal quality Credentials Management Errors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Crystal Quality
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-3175 MEDIUM POC PATCH This Month

Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-35295 MEDIUM POC This Month

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Privilege Escalation Host Agent
NVD
CVSS 3.1
4.9
EPSS
1.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy