Skip to main content
CVE-2022-22105 CRITICAL Act Now

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +49
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3225 MEDIUM POC PATCH This Month

Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Budibase
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2022-40755 MEDIUM POC This Month

JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35194 MEDIUM POC This Month

TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Testlink
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37248 MEDIUM POC PATCH This Month

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37250 MEDIUM POC PATCH This Month

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37709 MEDIUM POC This Month

Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Model 3 Firmware Tesla
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2877 MEDIUM POC This Month

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Titan Anti Spam Security
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-35938 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-35937 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-39008 CRITICAL Act Now

The NFC module has bundle serialization/deserialization vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-39003 CRITICAL Act Now

Buffer overflow vulnerability in the video framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-2863 MEDIUM POC THREAT This Month

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Migration Backup Staging
NVD WPScan
CVSS 3.1
4.9
EPSS
18.1%
CVE-2022-40337 HIGH This Week

OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Open Aviation Strategic Engineering System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2887 MEDIUM POC This Month

The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Server Health Stats
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2799 MEDIUM POC This Month

The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Affiliates Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2737 MEDIUM POC This Month

The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Staging
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2635 MEDIUM POC This Month

The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2575 MEDIUM POC This Month

The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wbw Currency Switcher For Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2351 MEDIUM POC This Month

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Smtp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2913 MEDIUM POC This Month

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Login No Captcha Recaptcha
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2912 MEDIUM POC This Month

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Craw Data
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-28758 HIGH This Week

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoom On Premise Meeting Connector Mmr
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-2333 HIGH This Week

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Honeywell Softmaster
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-2332 HIGH This Week

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Honeywell Privilege Escalation Softmaster
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38434 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38433 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38432 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38431 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38430 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38429 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38427 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38426 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38417 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38416 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38415 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38414 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38413 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38405 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38404 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38403 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38402 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38401 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-35713 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28853 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28852 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38412 HIGH This Week

Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38411 HIGH This Week

Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Animate
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-38408 HIGH This Week

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-3176 HIGH PATCH This Week

There exists a use-after-free in io_uring in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy