Skip to main content
CVE-2022-39305 CRITICAL POC Act Now

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-43680 HIGH POC This Week

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libexpat Debian Linux +10
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-40984 CRITICAL Act Now

Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Wtviewere 761941 Wtviewerefree
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43677 MEDIUM POC This Month

In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitString. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-41796 HIGH This Week

Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Content Transfer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41986 HIGH This Week

Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Iij Smartkey
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39313 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41799 MEDIUM This Month

Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Growi
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41797 MEDIUM This Month

Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Apple Lemon8
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3676 MEDIUM PATCH This Month

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openj9
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-38117 MEDIUM This Month

Juiker app hard-coded its AES key in the source code. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Juiker
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-40690 MEDIUM This Month

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bookstack
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-36368 MEDIUM This Month

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ipfire
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-39314 LOW PATCH Monitor

Kirby is a flat-file CMS. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kirby
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy