Skip to main content
CVE-2022-40030 CRITICAL POC Act Now

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38619 CRITICAL POC Act Now

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smartvista Front End
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41220 CRITICAL POC Act Now

md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Md2Roff
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-3068 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Octoprint
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-35895 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-39224 HIGH POC PATCH This Week

Arr-pm is an RPM reader/writer library written in Ruby. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Command Injection Ruby Arr Pm
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-38928 HIGH POC This Week

XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-23952 HIGH POC PATCH This Week

In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-23950 HIGH POC PATCH This Week

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-23949 HIGH POC PATCH This Week

In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-23948 HIGH POC PATCH This Week

A flaw was found in Keylime before 6.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-40026 HIGH POC This Week

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Managing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-37027 HIGH POC THREAT This Week

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Cloud Backup Suite
NVD
CVSS 3.1
7.2
EPSS
21.7%
CVE-2022-41222 HIGH POC PATCH This Week

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. Rated high severity (CVSS 7.0). Public exploit code available.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +3
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-40027 MEDIUM POC This Month

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28802 CRITICAL Act Now

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Privilege Escalation Code By Zapier
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2022-41238 CRITICAL Act Now

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Dotci
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41237 CRITICAL Act Now

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Jenkins Dotci
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-41226 CRITICAL PATCH Act Now

Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Compuware Common Configuration
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37026 CRITICAL PATCH Act Now

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Erlang Otp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-29799 MEDIUM POC THREAT This Month

A vulnerability was found in networkd-dispatcher. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Windows Defender For Endpoint
NVD
CVSS 3.1
5.5
EPSS
11.7%
CVE-2022-23951 MEDIUM POC PATCH This Month

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Keylime
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41218 MEDIUM POC This Month

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-35090 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35089 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35088 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35087 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35086 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35085 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0495 CRITICAL Act Now

The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Koha Library Automation
NVD
CVSS 3.1
9.4
EPSS
0.4%
CVE-2022-2315 CRITICAL Act Now

Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Accreditation Tracking Presentation Module
NVD
CVSS 3.1
9.4
EPSS
0.3%
CVE-2022-36365 MEDIUM POC This Month

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wha Crossword
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2872 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Octoprint
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35621 MEDIUM POC This Month

Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Evohclaimable
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3251 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Minarca
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3250 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-41241 CRITICAL Act Now

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Rqm
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-30578 CRITICAL Act Now

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebx Add Ons
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2022-30577 CRITICAL Act Now

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebx
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2022-40029 MEDIUM POC This Month

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-40028 MEDIUM POC This Month

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-41253 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Cons3Rt
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-41249 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Scm Httpclient
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41245 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Worksoft Execution Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41236 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Security Inspector
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41234 HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41228 HIGH PATCH This Week

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41227 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3255 MEDIUM POC PATCH This Month

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-29800 MEDIUM POC This Month

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Windows Defender For Endpoint
NVD
CVSS 3.1
4.7
EPSS
6.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy