Skip to main content
CVE-2022-38301 HIGH POC PATCH This Week

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Onedev
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3216 HIGH POC This Week

A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Game Boy Color Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-36667 HIGH POC THREAT This Week

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
24.4%
CVE-2022-37140 HIGH POC This Week

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Paymoney
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2022-40673 HIGH POC PATCH This Week

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Kdiskmark Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3212 HIGH POC PATCH This Week

<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Axum Core
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36113 HIGH PATCH This Week

Cargo is a package manager for the rust programming language. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Cargo
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-40674 HIGH PATCH This Week

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Libexpat Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-2977 HIGH PATCH This Week

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Privilege Escalation Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20364 HIGH This Week

In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-2277 HIGH This Week

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29922 HIGH This Week

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29492 HIGH This Week

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3202 HIGH PATCH This Week

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel H410c Firmware +4
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy