Skip to main content
CVE-2022-38577 HIGH POC This Week

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Processmaker
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-38617 HIGH POC This Week

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartvista
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38351 HIGH POC This Week

A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Biostar 2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3142 HIGH POC THREAT This Week

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Nex Forms
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
10.4%
CVE-2022-3141 HIGH POC This Week

The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Translatepress
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
3.9%
CVE-2022-2958 HIGH POC This Week

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Badgos
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-37700 HIGH POC This Week

Zentao Demo15 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zentao
NVD VulDB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-38532 HIGH POC This Week

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Center
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-28204 HIGH POC This Week

A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Mediawiki
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-28203 HIGH POC This Week

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-40468 HIGH POC This Week

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tinyproxy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-40076 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40075 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40074 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40073 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40072 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40071 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40070 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40069 HIGH POC This Week

]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40068 HIGH POC This Week

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40067 HIGH POC This Week

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac21 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-38576 HIGH POC This Week

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Interview Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-2995 HIGH POC PATCH This Week

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Information Disclosure Cri O
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-38618 HIGH This Week

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Smartvista
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-23766 HIGH This Week

An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfileagent
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3239 HIGH PATCH This Week

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-40142 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38764 HIGH This Week

A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Housecall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34893 HIGH PATCH This Week

Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro Privilege Escalation Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-40978 HIGH This Week

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35708 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35707 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-35706 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Heap Overflow Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-35705 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-35704 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35703 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35702 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-35701 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption RCE Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35700 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption RCE Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35699 HIGH PATCH This Week

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption RCE Adobe Buffer Overflow Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29908 HIGH This Week

The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabasoft Cloud Enterprise Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-40608 HIGH This Week

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-40141 HIGH PATCH This Week

A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-38333 HIGH This Week

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openwrt
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-40143 HIGH PATCH This Week

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2022-40139 HIGH KEV PATCH THREAT This Week

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Apex One
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2022-38341 HIGH PATCH This Week

Safe Software FME Server v2021.2.5 and below does not employ server-side validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fme Server
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy