Skip to main content
CVE-2022-40067 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-38576 HIGH POC This Week

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Interview Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-2995 HIGH POC PATCH This Week

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Information Disclosure Cri O
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-35070 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35069 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35068 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35067 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35066 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35065 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35064 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35063 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35062 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35061 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35060 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38527 MEDIUM POC This Month

UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2753 MEDIUM POC THREAT This Month

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ketchup Restaurant Reservations
NVD WPScan
CVSS 3.1
6.1
EPSS
83.4%
CVE-2022-28321 CRITICAL PATCH Act Now

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Linux Pam
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-0143 CRITICAL PATCH Act Now

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ldap Connector
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-23768 CRITICAL Act Now

This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nis Hap11Ac Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23767 CRITICAL Act Now

This vulnerability of SecureGate is SQL-Injection using login without password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Securegate Weblink
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40144 CRITICAL PATCH Act Now

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Trend Micro Apex One
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-40812 CRITICAL Act Now

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40810 CRITICAL Act Now

The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40809 CRITICAL Act Now

The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Democritus Dicts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38550 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeesns
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40980 CRITICAL Act Now

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Mobile Security
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-38618 HIGH This Week

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Smartvista
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-23766 HIGH This Week

An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfileagent
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3036 MEDIUM POC This Month

The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gettext Override Translations
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3021 MEDIUM POC This Month

The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slickr Flickr
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2710 MEDIUM POC This Month

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Scroll To Top
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2709 MEDIUM POC This Month

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Float To Top Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2567 MEDIUM POC This Month

The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Form Builder Cp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-28201 MEDIUM POC PATCH This Month

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-1591 MEDIUM POC This Month

The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wordpress Ping Optimizer
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-1580 MEDIUM POC This Month

The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Site Offline
NVD WPScan
CVSS 3.1
4.3
EPSS
1.3%
CVE-2022-3239 HIGH PATCH This Week

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-40142 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38764 HIGH This Week

A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Housecall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34893 HIGH PATCH This Week

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro Privilege Escalation Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-40978 HIGH This Week

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35708 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35707 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-35706 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-35705 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-35704 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35703 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35702 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35701 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption RCE Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35700 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption RCE Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy