Skip to main content
CVE-2022-2347 HIGH POC CISA Act Now

There exists an unchecked length field in UBoot. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow U Boot
NVD
CVSS 3.1
7.7
EPSS
0.0%
Threat
5.0
CVE-2022-35248 HIGH POC This Week

A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32211 HIGH POC This Week

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-36338 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-30426 HIGH POC This Week

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Altos T110 F3 Firmware Ap130 F2 Firmware +32
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27492 HIGH POC This Week

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Whatsapp
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41322 HIGH POC PATCH This Week

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Kitty Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38936 HIGH POC This Week

An issue has been found in PBC through 2022-8-27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pbc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40861 HIGH POC This Week

Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40093 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40092 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40091 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-22629 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Memory Corruption Microsoft RCE +7
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-38454 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin <= 2.6.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Kraken Io Image Optimizer
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-32792 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +4
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-32787 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-26700 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-22637 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipad Os Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22628 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Memory Corruption RCE Use After Free +6
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-22624 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Memory Corruption RCE Use After Free +4
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-22610 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38470 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38134 HIGH This Week

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Customer Reviews For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-38085 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Read More By Adam
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36388 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket System plugin <= 1.0 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yds Support Ticket System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36798 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Mega Addons For Wpbakery Page Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-39238 HIGH This Week

Arvados is an open source platform for managing and analyzing biomedical big data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arvados
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-40298 HIGH This Week

Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Airmedia
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-35893 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-32814 HIGH This Week

A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3263 HIGH This Week

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32842 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-32829 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Privilege Escalation Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-32826 HIGH This Week

An authorization issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32821 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-32820 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32819 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32815 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Ipados +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32801 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-32798 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-32796 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow macOS
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-35257 HIGH This Week

A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2566 HIGH PATCH This Week

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Heap Overflow Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-40107 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-40106 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40105 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40104 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40102 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40101 HIGH This Week

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow I9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32790 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
7.5
EPSS
1.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy