Skip to main content
CVE-2022-41040 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains an SSRF vulnerability known as 'ProxyNotShell' that allows authenticated attackers to access backend Exchange services, chained with CVE-2022-41082 for remote code execution.

NVD
CVSS 3.1
8.8
EPSS
94.1%
Threat
9.6
CVE-2022-41082 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server allows authenticated remote code execution through PowerShell deserialization, the second component of 'ProxyNotShell' enabling SYSTEM-level command execution when chained with CVE-2022-41040.

NVD
CVSS 3.1
8.0
EPSS
91.7%
Threat
9.4
CVE-2022-41443 CRITICAL POC Act Now

phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Phpipam
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40721 CRITICAL POC Act Now

Arbitrary file upload vulnerability in php uploader. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Creativedream File Uploader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-41430 HIGH POC This Week

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41429 HIGH POC This Week

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41428 HIGH POC This Week

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3125 HIGH POC This Week

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Frontend File Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-40764 HIGH POC PATCH This Week

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Node.js Cli Golang Cli
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36551 MEDIUM POC PATCH This Month

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Label Studio
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.5
EPSS
5.1%
CVE-2022-38817 HIGH POC This Week

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Dapr Dashboard
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-40886 HIGH POC This Week

DedeCMS 5.7.98 has a file upload vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-40123 MEDIUM POC This Month

mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mojoportal
NVD VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-41427 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41426 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41425 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41424 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41423 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41419 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40922 MEDIUM POC PATCH This Month

A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lief
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-42247 MEDIUM POC PATCH This Month

pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Pfsense
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2022-33882 CRITICAL Act Now

Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Autodesk Desktop
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-42307 CRITICAL PATCH Act Now

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Netbackup
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42304 CRITICAL PATCH Act Now

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Netbackup
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42303 CRITICAL PATCH Act Now

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Netbackup
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42302 CRITICAL PATCH Act Now

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Netbackup
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-41420 MEDIUM POC This Month

nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2839 MEDIUM POC This Month

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Zephyr Project Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-32173 MEDIUM POC PATCH This Month

In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Orchardcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3124 MEDIUM POC This Month

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Frontend File Manager
NVD WPScan
CVSS 3.1
5.3
EPSS
6.2%
CVE-2022-42301 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Netbackup
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3132 MEDIUM POC This Month

The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Goolytics
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3128 MEDIUM POC This Month

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Donation Thermometer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2763 MEDIUM POC This Month

The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Socializer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2628 MEDIUM POC This Month

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Dsgvo All In One For Wp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-41301 HIGH This Week

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Subassembly Composer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33890 HIGH This Week

A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33889 HIGH This Week

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-33888 HIGH This Week

A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33887 HIGH This Week

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Autocad Autocad Advance Steel Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33886 HIGH This Week

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Autocad Autocad Advance Steel Autocad Architecture Autocad Civil 3D +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33885 HIGH This Week

A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33883 HIGH This Week

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Advanced Material Exchange +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42305 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Netbackup
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42299 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Netbackup
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-33884 HIGH This Week

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-42308 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Netbackup
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-42300 MEDIUM PATCH This Month

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Netbackup
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-42306 MEDIUM PATCH This Month

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Netbackup
NVD
CVSS 3.1
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy