Skip to main content
CVE-2022-2926 MEDIUM POC This Month

The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Download Manager
NVD WPScan
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-40784 HIGH This Week

Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mipc Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3200 HIGH This Week

Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3199 HIGH This Week

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-3198 HIGH This Week

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3197 HIGH This Week

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3196 HIGH This Week

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3195 HIGH PATCH This Week

Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3071 HIGH This Week

Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3058 HIGH PATCH This Week

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3055 HIGH PATCH This Week

Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3052 HIGH This Week

Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Linux And Chrome Os +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3051 HIGH This Week

Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Linux And Chrome Os +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3050 HIGH This Week

Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3049 HIGH This Week

Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3046 HIGH This Week

Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3045 HIGH PATCH This Week

Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3043 HIGH PATCH This Week

Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3042 HIGH PATCH This Week

Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3041 HIGH This Week

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3040 HIGH This Week

Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Buffer Overflow Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3039 HIGH This Week

Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2998 HIGH This Week

Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
8.8
EPSS
30.3%
CVE-2022-2859 HIGH PATCH This Week

Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2858 HIGH PATCH This Week

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2857 HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2855 HIGH PATCH This Week

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2854 HIGH PATCH This Week

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Race Condition Denial Of Service Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2853 HIGH PATCH This Week

Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-2852 HIGH This Week

Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-40785 HIGH This Week

Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Mipc Camera Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-3135 MEDIUM POC This Month

The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Seo Smart Links
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3074 MEDIUM POC This Month

The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slider Hero
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3070 MEDIUM POC This Month

The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Generate Pdf Using Contact Form 7
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3069 MEDIUM POC This Month

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordlift
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3098 MEDIUM POC This Month

The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Login Block Ips
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2405 MEDIUM POC This Month

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Popup Builder
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-22058 HIGH PATCH This Week

Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption Qualcomm Use After Free +79
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3103 HIGH This Week

off-by-one in io_uring module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-39245 HIGH PATCH This Week

Mist is the command-line interface for the makedeb Package Repository. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Mist
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3204 HIGH This Week

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Unbound Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-3048 MEDIUM This Month

Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-3057 MEDIUM PATCH This Month

Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Google CSRF Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3056 MEDIUM PATCH This Month

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3054 MEDIUM PATCH This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3047 MEDIUM PATCH This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3044 MEDIUM PATCH This Month

Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2861 MEDIUM PATCH This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2860 MEDIUM PATCH This Month

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3301 LOW POC PATCH Monitor

Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
2.4
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy