Skip to main content
CVE-2022-38616 HIGH POC This Week

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartvista Front End
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38305 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Aerocms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-37190 HIGH POC THREAT This Week

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Cuppacms
NVD GitHub
CVSS 3.1
8.8
EPSS
45.8%
CVE-2022-40623 HIGH POC This Week

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wn531G3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-40622 HIGH POC This Week

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn531G3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3179 HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Rdiffweb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-33679 HIGH POC This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
8.1
EPSS
8.1%
CVE-2022-38495 HIGH POC PATCH This Week

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lief
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38306 HIGH POC PATCH This Week

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lief
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2962 HIGH POC PATCH This Week

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-40621 HIGH POC This Week

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Wn531G3 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39208 HIGH POC PATCH This Week

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal Onedev
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-3174 HIGH POC PATCH This Week

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2990 HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buildah Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2989 HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-35582 HIGH This Week

Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wapples
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34102 HIGH This Week

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Airmedia
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-39819 HIGH This Week

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia Command Injection 1350 Optical Management System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-39817 HIGH This Week

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia SQLi 1350 Optical Management System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-32555 HIGH This Week

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Data Exchange Management Studio
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-39203 HIGH PATCH This Week

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Privilege Escalation Matrix Irc Bridge
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-38009 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-38008 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-37961 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
50.0%
CVE-2022-35841 HIGH This Week

Windows Enterprise App Management Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-35840 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-35836 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-35835 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-35834 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-35823 HIGH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
52.9%
CVE-2022-35805 HIGH This Week

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Dynamics 365
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2022-34734 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-34733 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-34732 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-34731 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-34730 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-34727 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-34726 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-34700 HIGH This Week

Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SQLi RCE Dynamics 365
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2022-34100 HIGH This Week

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Airmedia
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-36103 HIGH PATCH This Week

Talos Linux is a Linux distribution built for Kubernetes deployments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Kubernetes Talos Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-38139 HIGH This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Rd Station
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36782 HIGH This Week

Pal Electronics Systems - Pal Gate Authorization Errors. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Palgate
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2022-30196 HIGH This Week

Windows Secure Channel Denial of Service Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
8.2
EPSS
1.6%
CVE-2022-37958 HIGH This Week

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Windows 10 Windows 11 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
8.1
EPSS
85.8%
CVE-2022-35830 HIGH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-33647 HIGH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2022-38013 HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-38633 HIGH This Week

Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Genymotion Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34101 HIGH This Week

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Airmedia
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy