Skip to main content
CVE-2022-40486 HIGH POC This Week

TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Archer Ax10 V1 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-36448 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-1270 HIGH POC This Week

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-32168 HIGH POC PATCH This Week

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Notepad
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-3354 HIGH POC This Week

A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40082 HIGH POC PATCH This Week

Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Hertz
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-39032 HIGH This Week

Smart eVision has an improper privilege management vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Smart Evision
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40497 HIGH PATCH This Week

Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Wazuh Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-39263 HIGH PATCH This Week

`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Redis Next Auth
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-40710 HIGH This Week

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Trend Micro Privilege Escalation Deep Security Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39257 HIGH PATCH This Week

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apple Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-39255 HIGH PATCH This Week

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apple Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34424 HIGH This Week

Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Smartfabric Os10
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3215 HIGH This Week

NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Swiftnio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39251 HIGH PATCH This Week

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Javascript Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-39249 HIGH PATCH This Week

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Javascript Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39248 HIGH PATCH This Week

matrix-android-sdk2 is the Matrix SDK for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-39261 HIGH PATCH This Week

Twig is a template language for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Twig Drupal Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-28813 HIGH This Week

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of an SQL-injection to gain access to a volatile temporary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22523 HIGH This Week

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39030 HIGH This Week

smart eVision has inadequate authorization for system information query function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Evision
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22525 HIGH This Week

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy