Skip to main content
CVE-2022-38028 HIGH KEV PATCH THREAT Act Now

Windows Print Spooler allows local privilege escalation that was exploited by the Russian GRU's 'Forest Blizzard' (APT28) group using a custom tool called 'GooseEgg' for credential theft and lateral movement in government networks.

Windows
NVD VulDB
CVSS 3.1
7.8
EPSS
5.0%
CVE-2022-41034 HIGH POC PATCH THREAT Act Now

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD GitHub
CVSS 3.1
7.8
EPSS
67.5%
CVE-2022-40777 HIGH POC This Week

Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Email Marketer
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42238 HIGH POC This Week

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Merchandise Online Store
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42229 HIGH POC This Week

Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-42034 HIGH POC This Week

Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41404 HIGH POC This Week

An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ini4J Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-3358 HIGH POC PATCH This Week

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference OpenSSL Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-42731 HIGH POC PATCH This Week

mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python Django Mfa2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31765 HIGH PATCH CISA Act Now

Affected devices do not properly authorize the change password function of the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware 6Gk5812 1Aa00 2Aa2 Firmware +182
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41204 HIGH This Week

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Commerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-20429 HIGH This Week

In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-41038 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-41037 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-41036 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-38053 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
76.4%
CVE-2022-38045 HIGH PATCH This Week

Windows Server Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-38040 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-38034 HIGH PATCH This Week

Windows Workstation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-38031 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-38016 HIGH PATCH This Week

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-37982 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-37976 HIGH PATCH This Week

Active Directory Certificate Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-37975 HIGH PATCH This Week

Windows Group Policy Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-34427 HIGH PATCH This Week

Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Dell Command Injection Container Storage Modules
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-34426 HIGH PATCH This Week

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Dell Path Traversal Command Injection Container Storage Modules
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-32492 HIGH This Week

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Bios
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-32486 HIGH This Week

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Bios
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-41665 HIGH PATCH This Week

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware +33
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-40182 HIGH PATCH This Week

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Google Privilege Escalation Desigo Pxm30 1 Firmware Desigo Pxm30 E Firmware Desigo Pxm40 1 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38371 HIGH PATCH This Week

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nucleus Net Nucleus Readystart V3 Nucleus Source Code Apogee Modular Building Controller Firmware +17
NVD
CVSS 4.0
8.7
EPSS
1.3%
CVE-2022-31766 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Ruggedcom Rm1224 Firmware Scalance M804Pb Firmware Scalance M812 1 Firmware +13
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-40181 HIGH PATCH This Week

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Desigo Pxm30 1 Firmware Desigo Pxm30 E Firmware Desigo Pxm40 1 Firmware Desigo Pxm40 E Firmware +6
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2022-34432 HIGH PATCH This Week

Dell Hybrid Client below 1.8 version contains a gedit vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Dell Command Injection Hybrid Client
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-41081 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-38047 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-38000 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-33634 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-30198 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-24504 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-22035 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-40226 HIGH PATCH This Week

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Session Fixation 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware +33
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-40179 HIGH PATCH This Week

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Desigo Pxm30 1 Firmware Desigo Pxm30 E Firmware Desigo Pxm40 1 Firmware Desigo Pxm40 E Firmware +6
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2022-40176 HIGH PATCH This Week

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Desigo Pxm30 1 Firmware Desigo Pxm30 E Firmware Desigo Pxm40 1 Firmware Desigo Pxm40 E Firmware +6
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2022-42717 HIGH PATCH This Week

An issue was discovered in Hashicorp Packer before 2.3.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Hashicorp Vagrant
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41202 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41201 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41200 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41199 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41198 HIGH This Week

Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SAP Buffer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy