Skip to main content
CVE-2022-40357 CRITICAL POC Act Now

A security issue was discovered in Z-BlogPHP <= 1.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Z Blogphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40009 CRITICAL POC Act Now

SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Swftools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40008 CRITICAL POC Act Now

SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-41138 CRITICAL POC PATCH Act Now

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Zutty
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38916 CRITICAL POC THREAT Act Now

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pagekit
NVD GitHub
CVSS 3.1
9.8
EPSS
17.6%
CVE-2022-37204 CRITICAL POC Act Now

Final CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38931 HIGH POC This Week

A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-40250 HIGH POC This Week

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-37205 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35196 HIGH POC This Week

TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Testlink
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40262 HIGH POC This Week

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Aptio V Server Board M10Jnp2Sb Firmware
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-40261 HIGH POC This Week

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware Aptio V
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-26873 HIGH POC This Week

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-39974 HIGH POC This Week

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40246 HIGH POC This Week

A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-3245 MEDIUM POC PATCH This Month

HTML injection attack is closely related to Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Code Injection Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3242 MEDIUM POC PATCH This Month

Code Injection in GitHub repository microweber/microweber prior to 1.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-32882 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32863 CRITICAL Act Now

A memory corruption issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +1
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-32788 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-37265 CRITICAL PATCH Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39956 CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-39955 CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-2177 CRITICAL Act Now

Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kayrasoft
NVD
CVSS 3.1
9.4
EPSS
0.3%
CVE-2022-32167 MEDIUM POC PATCH This Month

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Privilege Escalation Cloudreve
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3005 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3004 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3000 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2924 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-32912 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Apple Buffer Overflow Safari +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32886 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-28640 HIGH This Week

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE HP Code Injection Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-28639 HIGH This Week

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-26696 HIGH This Week

This issue was addressed with improved environment sanitization. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-23696 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23695 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23694 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23693 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23692 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23685 HIGH This Week

A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40955 HIGH PATCH This Week

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization RCE Inlong
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-30579 HIGH This Week

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Spotfire Analytics Platform Spotfire Server
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2022-32917 HIGH KEV THREAT This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +2
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2022-32911 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32908 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32802 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28638 HIGH This Week

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28637 HIGH This Week

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37877 HIGH This Week

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Apple RCE Clearpass Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39218 HIGH PATCH This Week

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Js Compute
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy