Skip to main content
CVE-2022-40929 CRITICAL POC Act Now

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Xxl Job
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-40942 CRITICAL POC Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-3332 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Ordering Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-40083 CRITICAL POC PATCH Act Now

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Redirect Echo
NVD GitHub
CVSS 3.1
9.6
EPSS
2.3%
CVE-2022-40486 HIGH POC This Week

TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Archer Ax10 V1 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-36448 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-1270 HIGH POC This Week

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32168 HIGH POC PATCH This Week

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Notepad
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-3354 HIGH POC This Week

A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40082 HIGH POC PATCH This Week

Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Hertz
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-3349 MEDIUM POC This Month

A vulnerability was found in Sony PS4 and PS5. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Playstation 4 Firmware Playstation 5 Firmware
NVD VulDB
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-31629 MEDIUM POC THREAT This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
49.3%
CVE-2022-40912 MEDIUM POC This Month

ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Etap Safety Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-28814 CRITICAL Act Now

Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28812 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain SuperUser access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-28811 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-22526 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-22522 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39033 CRITICAL Act Now

Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Smart Evision
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-22524 CRITICAL Act Now

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access,. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
9.4
EPSS
0.9%
CVE-2022-3333 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zephyr Project Manager
NVD VulDB WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30935 CRITICAL PATCH Act Now

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass B2Evolution
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-3348 MEDIUM POC PATCH This Month

Just like in the previous report, an attacker could steal the account of different users. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-39032 HIGH This Week

Smart eVision has an improper privilege management vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Smart Evision
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40497 HIGH PATCH This Week

Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Wazuh Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-3292 MEDIUM POC PATCH This Month

Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-32170 MEDIUM POC This Month

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bytebase
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-32169 MEDIUM POC This Month

The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bytebase
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-39263 HIGH PATCH This Week

`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Next Auth
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-40710 HIGH This Week

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Trend Micro Privilege Escalation Deep Security Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39257 HIGH PATCH This Week

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apple Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-39255 HIGH PATCH This Week

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apple Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34424 HIGH This Week

Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Smartfabric Os10
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3215 HIGH This Week

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Swiftnio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39251 HIGH PATCH This Week

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Javascript Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-39249 HIGH PATCH This Week

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Javascript Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39248 HIGH PATCH This Week

matrix-android-sdk2 is the Matrix SDK for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-39261 HIGH PATCH This Week

Twig is a template language for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Twig Drupal Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-28813 HIGH This Week

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22523 HIGH This Week

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39030 HIGH This Week

smart eVision has inadequate authorization for system information query function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Evision
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-38934 LOW POC Monitor

readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Toaruos
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-22525 HIGH This Week

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3287 MEDIUM PATCH This Month

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fwupd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36771 MEDIUM PATCH This Month

IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Qradar User Behavior Analytics
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35282 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

SSRF Information Disclosure IBM Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-39034 MEDIUM This Month

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Smart Evision
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-39029 MEDIUM This Month

Smart eVision has inadequate authorization for the database query function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Smart Evision
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3193 MEDIUM This Month

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28816 MEDIUM This Month

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy