Skip to main content
CVE-2022-41040 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server contains an SSRF vulnerability known as 'ProxyNotShell' that allows authenticated attackers to access backend Exchange services, chained with CVE-2022-41082 for remote code execution.

NVD
CVSS 3.1
8.8
EPSS
94.1%
Threat
9.6
CVE-2022-41082 HIGH POC KEV PATCH THREAT Act Now

Microsoft Exchange Server allows authenticated remote code execution through PowerShell deserialization, the second component of 'ProxyNotShell' enabling SYSTEM-level command execution when chained with CVE-2022-41040.

NVD
CVSS 3.1
8.0
EPSS
91.7%
Threat
9.4
CVE-2022-41430 HIGH POC This Week

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41429 HIGH POC This Week

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41428 HIGH POC This Week

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3125 HIGH POC This Week

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Frontend File Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-40764 HIGH POC PATCH This Week

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Node.js Cli Golang Cli
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38817 HIGH POC This Week

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Dapr Dashboard
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-40886 HIGH POC This Week

DedeCMS 5.7.98 has a file upload vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-42301 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Netbackup
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-41301 HIGH This Week

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Subassembly Composer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33890 HIGH This Week

A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33889 HIGH This Week

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-33888 HIGH This Week

A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33887 HIGH This Week

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Autocad Autocad Advance Steel Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33886 HIGH This Week

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Autocad Autocad Advance Steel Autocad Architecture Autocad Civil 3D +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33885 HIGH This Week

A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33883 HIGH This Week

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft RCE Buffer Overflow Advanced Material Exchange +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42305 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Netbackup
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42299 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Netbackup
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-33884 HIGH This Week

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-42308 HIGH PATCH This Week

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Netbackup
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy