Skip to main content
CVE-2022-41500 HIGH POC This Week

EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3584 HIGH POC This Week

A vulnerability was found in SourceCodester Canteen Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41541 HIGH POC This Week

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Ax10 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-3305 HIGH POC This Week

Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Feishu
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42188 HIGH POC This Week

In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lavalite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-43259 HIGH POC This Week

Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41547 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP LFI Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-41479 HIGH POC This Week

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Asp Net Web Forms Controls
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-22223 HIGH POC This Week

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42218 HIGH POC This Week

Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41537 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Tours Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41504 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Billing System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-39427 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-21613 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Denial Of Service Enterprise Data Quality
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22246 HIGH This Week

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure PHP Junos
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-22239 HIGH This Week

An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Privilege Escalation Junos Os Evolved
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-22229 HIGH This Week

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper XSS Paragon Active Assurance Control Center
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2022-39426 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-39425 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2022-39424 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Oracle Code Injection Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-39406 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Common Components
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-21612 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Enterprise Data Quality
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-31122 HIGH This Week

Wire is an encrypted communication and collaboration platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Wire Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-36438 HIGH This Week

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Asusswitch System Control Interface
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-22251 HIGH This Week

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-21590 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Denial Of Service Bi Publisher
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2022-39422 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Oracle Privilege Escalation Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-39412 HIGH PATCH This Week

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Access Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-21634 HIGH PATCH This Week

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Java Graalvm
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-21623 HIGH PATCH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-21622 HIGH PATCH This Week

Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Soa Suite
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-21620 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5).

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-21614 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Enterprise Data Quality
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-21598 HIGH PATCH This Week

Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Siebel Core Db Deployment And Configuration Accessible Data
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29055 HIGH This Week

A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x, FortiProxy version 7.0.0 through 7.0.4, 2.0.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Fortinet Fortiproxy Fortios
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-39058 HIGH This Week

RAVA certification validation system has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rava Certificate Validation System
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-22247 HIGH This Week

An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22236 HIGH This Week

An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22235 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22232 HIGH This Week

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Null Pointer Dereference Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22231 HIGH This Week

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22228 HIGH This Week

An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22218 HIGH This Week

On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-22211 HIGH This Week

A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22201 HIGH This Week

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22192 HIGH This Week

An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-21615 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Enterprise Data Quality
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2022-39421 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2022-22248 HIGH This Week

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-21603 HIGH PATCH This Week

Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Database Sharding
NVD
CVSS 3.1
7.2
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy