Skip to main content
CVE-2022-42234 HIGH POC This Week

There is a file inclusion vulnerability in the template management module in UCMS 1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Ucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42070 HIGH POC This Week

Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Online Birth Certificate Management System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-41539 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41538 HIGH POC This Week

Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Wedding Planner
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-41674 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.19.16. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Fedora +1
NVD
CVSS 3.1
8.1
EPSS
3.8%
CVE-2022-42720 HIGH POC PATCH This Week

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Code Injection Use After Free Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-2963 HIGH POC PATCH This Week

A vulnerability found in jasper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-37603 HIGH POC PATCH This Week

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Loader Utils
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-2880 HIGH POC PATCH This Week

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Request Smuggling Go
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-41416 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-42232 HIGH POC This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/classes/Master.php?f=delete_storage. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3495 HIGH POC This Week

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Online Public Access Catalog
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2022-41536 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41535 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-39311 HIGH PATCH This Week

GoCD is a continuous delivery server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Java Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-42463 HIGH This Week

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-3496 HIGH This Week

A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical.php of the component Admin Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Human Resource Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36803 HIGH This Week

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Privilege Escalation Jira Align
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-28759 HIGH This Week

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoom On Premise Meeting Connector Mmr
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2022-39064 HIGH This Week

An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tradfri Led1732G11 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-2780 HIGH This Week

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-42339 HIGH This Week

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Stack Overflow Buffer Overflow Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-38450 HIGH This Week

Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Stack Overflow Buffer Overflow Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2022-38448 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38447 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38446 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38445 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38444 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38442 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption RCE Adobe Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38441 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Dimension
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38440 HIGH PATCH This Week

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Adobe Buffer Overflow Dimension
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39111 HIGH This Week

In Music service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39110 HIGH This Week

In Music service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39109 HIGH This Week

In Music service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39108 HIGH This Week

In Music service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39107 HIGH This Week

In Soundrecorder service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39080 HIGH This Week

In messaging service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-38698 HIGH This Week

In messaging service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-38670 HIGH This Week

In soundrecorder service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-38669 HIGH This Week

In soundrecorder service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-2985 HIGH This Week

In music service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41308 HIGH This Week

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Subassembly Composer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41307 HIGH PATCH This Week

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Subassembly Composer
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41306 HIGH PATCH This Week

A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Design Review
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41305 HIGH This Week

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Subassembly Composer
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41304 HIGH PATCH This Week

An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure RCE Buffer Overflow Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41303 HIGH PATCH This Week

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41302 HIGH PATCH This Week

An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Information Disclosure Buffer Overflow Fbx Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-20397 HIGH This Week

In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41585 HIGH This Week

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy