Skip to main content
CVE-2022-39353 CRITICAL POC PATCH Act Now

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-24936 CRITICAL POC Act Now

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gecko Bootloader
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-43226 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-43068 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43066 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43227 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41551 HIGH POC This Week

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-43253 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43252 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43250 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43249 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43248 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43245 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43244 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43243 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43242 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43241 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43240 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43239 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43238 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43237 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43236 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43235 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3826 MEDIUM POC This Month

A vulnerability was found in Huaxia ERP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Huaxia Erp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3825 MEDIUM POC This Month

A vulnerability was found in Huaxia ERP 2.3 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Huaxia Erp
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3810 MEDIUM POC PATCH This Month

A vulnerability was found in Axiomatic Bento4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bento4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3809 MEDIUM POC This Month

A vulnerability was found in Axiomatic Bento4 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40840 MEDIUM POC This Month

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3575 CRITICAL Act Now

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frauscher Diagnostic System 102
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3827 CRITICAL PATCH Act Now

A vulnerability was found in centreon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Centreon
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39379 CRITICAL PATCH Act Now

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Fluentd Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
44.7%
CVE-2022-38381 CRITICAL Act Now

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SQLi Fortiadc
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-39381 MEDIUM POC PATCH This Month

Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Muhammarajs Hummusjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-43255 MEDIUM POC This Month

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43254 MEDIUM POC This Month

GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39356 HIGH PATCH This Week

Discourse is a platform for community discussion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-26122 HIGH PATCH This Week

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Antivirus Engine Fortimail Fortios
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2022-30307 HIGH PATCH This Week

A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-33870 HIGH PATCH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester 3.0.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Fortitester
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-26119 HIGH PATCH This Week

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Fortinet Authentication Bypass Fortisiem
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3181 HIGH PATCH This Week

An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Vtscada
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41716 HIGH PATCH This Week

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35842 HIGH PATCH This Week

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-43995 HIGH PATCH This Week

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Sudo
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-38372 MEDIUM This Month

A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortitester
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-39945 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortimail
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3845 MEDIUM PATCH This Month

A vulnerability has been found in phpipam and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpipam
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3844 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in Webmin 2.001. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43985 MEDIUM PATCH This Month

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Open Redirect Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-43982 MEDIUM PATCH This Month

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy