Skip to main content
CVE-2022-3068 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Octoprint
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-35895 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-39224 HIGH POC PATCH This Week

Arr-pm is an RPM reader/writer library written in Ruby. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Command Injection Ruby Arr Pm
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-38928 HIGH POC This Week

XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-23952 HIGH POC PATCH This Week

In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-23950 HIGH POC PATCH This Week

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-23949 HIGH POC PATCH This Week

In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-23948 HIGH POC PATCH This Week

A flaw was found in Keylime before 6.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keylime
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-40026 HIGH POC This Week

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Task Managing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-37027 HIGH POC THREAT This Week

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Cloud Backup Suite
NVD
CVSS 3.1
7.2
EPSS
21.7%
CVE-2022-41222 HIGH POC PATCH This Week

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. Rated high severity (CVSS 7.0). Public exploit code available.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +3
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-41253 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Cons3Rt
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-41249 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Scm Httpclient
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41245 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Worksoft Execution Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41236 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Security Inspector
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41234 HIGH PATCH This Week

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41228 HIGH PATCH This Week

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41227 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2881 HIGH PATCH This Week

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Bind
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2022-40616 HIGH This Week

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Maximo Asset Management
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41244 HIGH This Week

Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins View26 Test Reporting
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41243 HIGH This Week

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jenkins Smalltest
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-41232 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Jenkins Build Publisher
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-2265 HIGH This Week

The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Identity And Directory Management System
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3252 HIGH This Week

Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swift Nio Extras
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3080 HIGH PATCH This Week

By sending specific queries to the resolver, an attacker can cause named to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-38178 HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-38177 HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-2906 HIGH PATCH This Week

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Bind
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-40604 HIGH PATCH This Week

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-39221 HIGH PATCH This Week

McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Mcwebserver Minecraft Mod For Fabric And Quilt Mcwebserver Minecraft Mod For Forge
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40217 HIGH This Week

Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Wpide
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-36386 HIGH This Week

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Wp All Import
NVD
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy