Skip to main content
CVE-2022-42725 HIGH POC PATCH This Week

Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Warpinator
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-3154 HIGH POC This Week

The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Woo Billingo Plus Integration For Billingo Gravity Forms Integration For Szamlazz Hu Gravity Forms
NVD WPScan
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-20870 HIGH This Week

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-20837 HIGH This Week

A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2022-20920 HIGH This Week

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2022-41749 HIGH PATCH This Week

An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41747 HIGH PATCH This Week

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39288 HIGH PATCH This Week

fastify is a fast and low overhead web framework, for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Fastify
NVD GitHub
CVSS 3.1
7.5
EPSS
59.2%
CVE-2022-34425 HIGH This Week

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39292 HIGH PATCH This Week

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slack Morphism
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-20915 HIGH This Week

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2022-41745 HIGH PATCH This Week

An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could. Rated high severity (CVSS 7.0). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Trend Micro Privilege Escalation Buffer Overflow Apex One
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2022-41744 HIGH PATCH This Week

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working. Rated high severity (CVSS 7.0).

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy