Skip to main content
CVE-2022-38181 HIGH POC KEV THREAT This Week

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver +1
NVD GitHub
CVSS 3.1
8.8
EPSS
12.6%
CVE-2022-3395 HIGH POC This Week

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp All Export
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3246 HIGH POC This Week

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Blog2Social
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-35887 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-35886 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35885 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35884 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-35881 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35880 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35879 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35878 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35132 HIGH POC This Week

Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Usermin
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-32775 HIGH POC This Week

An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-32586 HIGH POC This Week

An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2022-30603 HIGH POC This Week

An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2022-29475 HIGH POC This Week

An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-39345 HIGH POC PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-38870 HIGH POC This Week

Free5gc v3.2.1 is vulnerable to Information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-35271 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35270 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35269 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35268 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35267 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35266 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35265 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35264 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35263 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35262 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35261 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32760 HIGH POC This Week

A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Iota All In One Security Kit Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-3394 HIGH POC This Week

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Code Injection Wp All Export
NVD WPScan VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-3335 HIGH POC This Week

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Kadence Woocommerce Email Designer
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3302 HIGH POC This Week

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Spam Protection Antispam Firewall
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3300 HIGH POC This Week

The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Form Maker
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-34850 HIGH POC This Week

An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2022-33183 HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-33179 HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-28169 HIGH This Week

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36453 HIGH This Week

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36451 HIGH This Week

A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Micollab
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-39326 HIGH PATCH This Week

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Hashicorp Code Injection Github Workflows
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-38196 HIGH This Week

Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Arcgis Server
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-33185 HIGH This Week

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33184 HIGH This Week

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33182 HIGH This Week

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38436 HIGH This Week

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38435 HIGH This Week

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-39354 HIGH PATCH This Week

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Evm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42890 HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-41704 HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy