Skip to main content
CVE-2022-38108 HIGH POC THREAT Act Now

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
7.2
EPSS
69.5%
CVE-2022-42233 CRITICAL POC THREAT Act Now

Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda 11N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
42.7%
CVE-2022-42021 CRITICAL POC Act Now

Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Student Result Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37598 CRITICAL POC Act Now

Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Uglifyjs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-42199 HIGH POC This Week

Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-42198 HIGH POC This Week

In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-42176 HIGH POC This Week

In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pcsecure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31366 HIGH POC This Week

An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Eve Ng
NVD VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-42201 HIGH POC This Week

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-42197 MEDIUM POC This Month

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26954 MEDIUM POC This Month

Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-3620 CRITICAL PATCH Act Now

A vulnerability was found in Exim and classified as problematic.c of the component DMARC Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Exim Fedora
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37298 CRITICAL PATCH Act Now

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Shinken Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-27625 CRITICAL Act Now

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Buffer Overflow Diskstation Manager
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27624 CRITICAL Act Now

A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Buffer Overflow Diskstation Manager
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-3327 CRITICAL PATCH Act Now

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-33231 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Service Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42200 MEDIUM POC This Month

Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41358 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Garage Management System
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2022-40084 MEDIUM POC PATCH This Month

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-36958 HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
8.8
EPSS
82.7%
CVE-2022-42344 HIGH PATCH This Week

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Adobe Privilege Escalation Commerce +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3619 MEDIUM POC This Month

A vulnerability has been found in Linux Kernel and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-27626 HIGH This Week

A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Synology Diskstation Manager
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-3577 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2069 HIGH This Week

The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcenter Visualization prior to V14.0.0.2 contains an out of bounds write past the fixed-length heap-based buffer while parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Heap Overflow Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-39823 HIGH This Week

An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Opc Opc Ua C Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37453 HIGH This Week

An issue was discovered in Softing OPC UA C++ SDK before 6.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Edgeaggregator Edgeconnector Opc +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3623 HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3576 HIGH This Week

A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Buffer Overflow Diskstation Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36957 HIGH This Week

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Orion Platform
NVD
CVSS 3.1
7.2
EPSS
12.3%
CVE-2022-3621 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-36966 MEDIUM This Month

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy