Skip to main content
CVE-2022-2070 CRITICAL POC Act Now

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Gds3710 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.4%
CVE-2022-2025 CRITICAL POC Act Now

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Gds3710 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-26112 CRITICAL PATCH Act Now

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Apache Code Injection Pinot
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-35951 CRITICAL Act Now

Redis is an in-memory database that persists on disk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Redis RCE Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-37235 CRITICAL Act Now

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37232 CRITICAL Act Now

Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Netgear Buffer Overflow Wnr2000V4 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-3278 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-35099 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35098 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35097 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35096 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35095 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via InfoOutputDev::type3D1 at /pdf/InfoOutputDev.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35094 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35093 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a global buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35092 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35091 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35251 MEDIUM POC This Month

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40358 MEDIUM POC This Month

An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ajaxplorer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32217 MEDIUM POC This Month

A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-32847 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-23144 CRITICAL Act Now

There is a broken access control vulnerability in ZTE ZXvSTB product. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 B76Hv3 Firmware Zxa10 B766V2 Firmware Zxa10 B800V2 Firmware +12
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-39227 CRITICAL PATCH Act Now

python-jwt is a module for generating and verifying JSON Web Tokens. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Python Jwt
NVD GitHub
CVSS 3.1
9.1
EPSS
3.7%
CVE-2022-22629 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Memory Corruption Microsoft RCE +7
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-38454 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Kraken Io Image Optimizer
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-32792 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +4
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-32787 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-26700 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-22637 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipad Os Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22628 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Memory Corruption RCE Use After Free +6
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-22624 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Memory Corruption RCE Use After Free +4
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-22610 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38470 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38134 HIGH This Week

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Customer Reviews For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-38085 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Read More By Adam
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36388 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yds Support Ticket System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36798 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Mega Addons For Wpbakery Page Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-39238 HIGH This Week

Arvados is an open source platform for managing and analyzing biomedical big data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arvados
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40298 HIGH This Week

Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Airmedia
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-35250 MEDIUM POC This Month

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35249 MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-35247 MEDIUM POC This Month

A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-35246 MEDIUM POC This Month

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-32229 MEDIUM POC This Month

A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32228 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32226 MEDIUM POC This Month

An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32219 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-32218 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-35893 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-32814 HIGH This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3263 HIGH This Week

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy