Skip to main content
CVE-2022-39821 HIGH This Week

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nokia 1350 Optical Management System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-35838 HIGH This Week

HTTP V3 Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Windows 11 Windows Server 2022
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-35833 HIGH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-34724 HIGH This Week

Windows DNS Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2022-34720 HIGH This Week

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2022-36104 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

PHP Denial Of Service Typo3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-32190 HIGH PATCH This Week

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Go
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-3029 HIGH PATCH This Week

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Routinator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39801 HIGH This Week

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass SAP Access Control
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-38100 HIGH This Week

The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cms8000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-1278 HIGH PATCH This Week

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wildfly Amq Amq Online Integration Camel K +4
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-38020 HIGH This Week

Visual Studio Code Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2022-38011 HIGH PATCH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Raw Image Extension
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2022-30170 HIGH This Week

Windows Credential Roaming Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.3
EPSS
1.5%
CVE-2022-40635 HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-40634 HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-3182 HIGH This Week

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-34725 HIGH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Race Condition Information Disclosure Windows 10 Windows 11 +8
NVD
CVSS 3.1
7.0
EPSS
5.4%
CVE-2022-26928 HIGH This Week

Windows Photo Import API Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Race Condition Information Disclosure Windows 10 Windows 11 +3
NVD
CVSS 3.1
7.0
EPSS
0.7%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy