Skip to main content
CVE-2022-38028 HIGH KEV PATCH THREAT Act Now

Windows Print Spooler allows local privilege escalation that was exploited by the Russian GRU's 'Forest Blizzard' (APT28) group using a custom tool called 'GooseEgg' for credential theft and lateral movement in government networks.

Windows
NVD VulDB
CVSS 3.1
7.8
EPSS
5.0%
CVE-2022-41034 HIGH POC PATCH THREAT Act Now

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD GitHub
CVSS 3.1
7.8
EPSS
67.5%
CVE-2022-37617 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Browserify Shim
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42044 CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42043 CRITICAL POC Act Now

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42042 CRITICAL POC Act Now

The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42041 CRITICAL POC Act Now

The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S File System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42040 CRITICAL POC Act Now

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Algorithms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-42039 CRITICAL POC Act Now

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Lists
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42038 CRITICAL POC Act Now

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42037 CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42036 CRITICAL POC Act Now

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41387 CRITICAL POC Act Now

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41386 CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41385 CRITICAL POC Act Now

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Html
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41384 CRITICAL POC Act Now

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41383 CRITICAL POC Act Now

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41382 CRITICAL POC Act Now

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41381 CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41380 CRITICAL POC Act Now

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Yaml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32174 CRITICAL POC THREAT Act Now

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gogs
NVD GitHub
CVSS 3.1
9.0
EPSS
58.0%
CVE-2022-40777 HIGH POC This Week

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Email Marketer
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42238 HIGH POC This Week

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Merchandise Online Store
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42229 HIGH POC This Week

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-42034 HIGH POC This Week

Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41404 HIGH POC This Week

An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ini4J Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-3358 HIGH POC PATCH This Week

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference OpenSSL Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-42731 HIGH POC PATCH This Week

mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Django Mfa2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31765 HIGH PATCH CISA Act Now

Affected devices do not properly authorize the change password function of the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware 6Gk5812 1Aa00 2Aa2 Firmware +182
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41376 MEDIUM POC This Month

Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metro Ui
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37968 CRITICAL PATCH Act Now

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Kubernetes Azure Arc Enabled Kubernetes Azure Stack Edge
NVD
CVSS 3.1
10.0
EPSS
2.6%
CVE-2022-35299 CRITICAL Act Now

SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Stack Overflow Buffer Overflow Sap Iq Sql Anywhere
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37609 CRITICAL Act Now

Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Js Beautify
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-36361 CRITICAL PATCH Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Logo 8 Bm Firmware Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37616 CRITICAL PATCH Act Now

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Code Injection Prototype Pollution Node.js Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-40138 CRITICAL PATCH Act Now

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35289 CRITICAL PATCH Act Now

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-32234 CRITICAL PATCH Act Now

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40047 MEDIUM POC This Month

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Flatpress
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.4%
CVE-2022-42236 MEDIUM POC This Month

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Merchandise Online Store
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-42235 MEDIUM POC This Month

A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Student Clearance System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32175 MEDIUM POC PATCH This Month

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Adguardhome
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-41204 HIGH This Week

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Commerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-20429 HIGH This Week

In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-41038 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-41037 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-41036 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-38053 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
76.4%
CVE-2022-38045 HIGH PATCH This Week

Windows Server Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-38040 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.5%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy