Skip to main content
CVE-2022-38931 HIGH POC This Week

A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-40250 HIGH POC This Week

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-37205 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35196 HIGH POC This Week

TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Testlink
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40262 HIGH POC This Week

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Aptio V Server Board M10Jnp2Sb Firmware
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-40261 HIGH POC This Week

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware Aptio V
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-26873 HIGH POC This Week

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware +1
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-39974 HIGH POC This Week

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40246 HIGH POC This Week

A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-32912 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Apple Buffer Overflow Safari +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32886 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-28640 HIGH This Week

A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE HP Code Injection Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-28639 HIGH This Week

A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-26696 HIGH This Week

This issue was addressed with improved environment sanitization. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-23696 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23695 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23694 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23693 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23692 HIGH This Week

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23685 HIGH This Week

A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba CSRF Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40955 HIGH PATCH This Week

In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization RCE Inlong
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-30579 HIGH This Week

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Spotfire Analytics Platform Spotfire Server
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2022-32917 HIGH KEV THREAT This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +2
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2022-32911 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32908 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32802 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28638 HIGH This Week

An isolated local disclosure of information and potential isolated local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28637 HIGH This Week

A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

HP Denial Of Service RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37877 HIGH This Week

A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Aruba Apple RCE Clearpass Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39218 HIGH PATCH This Week

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Js Compute
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37884 HIGH This Week

A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Denial Of Service Clearpass Policy Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37395 HIGH This Week

A Huawei device has an input verification vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Cv81 Wdm Fw Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37972 HIGH PATCH This Week

Microsoft Endpoint Configuration Manager Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Endpoint Configuration Manager
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-38955 HIGH This Week

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Authentication Bypass Wpn824Ext Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-37259 HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-3079 HIGH This Week

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Cpx Cmxx Firmware Cpx Cec C1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34917 HIGH PATCH This Week

A security vulnerability has been identified in Apache Kafka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Kafka
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-39958 HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39957 HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37883 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37882 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37881 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37880 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37879 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-37878 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-38340 HIGH PATCH This Week

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Fme Server
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy