Skip to main content
CVE-2022-3569 HIGH POC Act Now

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zimbra Collaboration Suite
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-42221 HIGH POC This Week

Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R6220 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-42983 HIGH POC This Week

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Aj Report
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-41751 HIGH POC This Week

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jhead Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3283 HIGH POC This Week

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-42143 HIGH POC This Week

Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-42142 HIGH POC This Week

Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3552 HIGH POC THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Boxbilling
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
44.0%
CVE-2022-41498 HIGH POC This Week

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editbrand.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-3549 HIGH POC This Week

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-3243 HIGH POC This Week

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Import All Pages Post Types Products Orders And Users As Xml Csv
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3150 HIGH POC This Week

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Custom Cursors
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3131 HIGH POC This Week

The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Search Logger
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3158 HIGH This Week

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell SQLi RCE Factorytalk Vantagepoint
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-3368 HIGH This Week

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Avira Security
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-38743 HIGH This Week

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass RCE Factorytalk Vantagepoint
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-42029 HIGH This Week

Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Chamilo
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-23771 HIGH This Week

This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nas1Dual Firmware Nas2Dual Firmware Nas4Dual Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-3550 HIGH PATCH This Week

A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow X Server Debian Linux Fedora
NVD VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-2527 HIGH This Week

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-3534 HIGH PATCH This Week

A vulnerability classified as critical has been found in Linux Kernel. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-3565 HIGH PATCH This Week

A vulnerability, which was classified as critical, has been found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3545 HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel H410c Firmware +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3541 HIGH PATCH This Week

A vulnerability classified as critical has been found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3517 HIGH PATCH This Week

A vulnerability was found in the minimatch package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Minimatch Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-3382 HIGH This Week

HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Robot System Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3559 HIGH PATCH This Week

A vulnerability was found in Exim and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Exim Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
3.7%
CVE-2022-3031 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-2931 HIGH This Week

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-3501 HIGH This Week

Article template contents with sensitive data could be accessed from agents without permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-3281 HIGH This Week

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 750 8100 Firmware 750 8101 Firmware 750 8101 000 010 Firmware 750 8101 025 000 Firmware +74
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-42975 HIGH PATCH This Week

socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass CSRF Phoenix
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-2533 HIGH This Week

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2022-3421 HIGH This Week

An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Apple Privilege Escalation Drive
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2022-3060 HIGH This Week

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2022-2428 HIGH This Week

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2022-3566 HIGH PATCH This Week

A vulnerability, which was classified as problematic, was found in Linux Kernel. Rated high severity (CVSS 7.1).

Linux Race Condition Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-3564 HIGH PATCH This Week

A vulnerability classified as critical was found in Linux Kernel. Rated high severity (CVSS 7.1). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +4
NVD VulDB
CVSS 3.1
7.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy