Skip to main content
CVE-2022-36534 HIGH POC THREAT Act Now

Super Flexible Software GmbH & Co. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.2%.

RCE PHP Syncovery
NVD VulDB
CVSS 3.1
8.8
EPSS
54.2%
Threat
4.9
CVE-2022-36532 HIGH POC THREAT Act Now

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.3%.

RCE Bolt Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
25.3%
Threat
4.0
CVE-2022-38843 HIGH POC This Week

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Espocrm
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-38808 HIGH POC This Week

ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ywoa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1194 HIGH POC This Week

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Mobile Events Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38844 HIGH POC This Week

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Espocrm
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-2798 HIGH POC This Week

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Affiliates Manager
NVD WPScan
CVSS 3.1
8.0
EPSS
0.9%
CVE-2022-38611 HIGH POC This Week

Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Anti Virus
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36027 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3217 HIGH POC This Week

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vbase
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-39063 HIGH POC This Week

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open5gs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-40152 HIGH POC PATCH THREAT This Week

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Xstream Woodstox
NVD GitHub
CVSS 3.1
7.5
EPSS
19.7%
CVE-2022-40151 HIGH POC PATCH This Week

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Xstream
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-38878 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38877 HIGH POC This Week

Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-35195 HIGH POC This Week

TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Testlink
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-35193 HIGH POC This Week

TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Testlink
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-38833 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38832 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40337 HIGH This Week

OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Open Aviation Strategic Engineering System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-28758 HIGH This Week

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoom On Premise Meeting Connector Mmr
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-2333 HIGH This Week

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Honeywell Softmaster
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-2332 HIGH This Week

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Honeywell Privilege Escalation Softmaster
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38434 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38433 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38432 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38431 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38430 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38429 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38427 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38426 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38417 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38416 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38415 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38414 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38413 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38405 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38404 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38403 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38402 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38401 HIGH This Week

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-35713 HIGH This Week

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Buffer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28853 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28852 HIGH This Week

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38412 HIGH This Week

Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38411 HIGH This Week

Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Adobe Buffer Overflow Animate
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-38408 HIGH This Week

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-3176 HIGH PATCH This Week

There exists a use-after-free in io_uring in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25693 HIGH PATCH This Week

Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Qualcomm Use After Free Sd 8 Gen1 5g Firmware +14
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25656 HIGH PATCH This Week

Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Qualcomm Buffer Overflow Ar8035 Firmware Qca6174a Firmware +63
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy