Skip to main content
CVE-2022-39344 CRITICAL POC Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Buffer Overflow Azure Rtos Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-43567 HIGH POC This Week

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-33684 HIGH POC PATCH This Week

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Apache Information Disclosure Python Pulsar
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-43566 HIGH POC This Week

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-38582 MEDIUM POC This Month

Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Anti Virus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43568 MEDIUM POC THREAT This Month

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when output_mode=radio. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.1
EPSS
42.8%
CVE-2022-31691 CRITICAL Act Now

Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Java Bosh Editor Cloudfoundry Manifest Yml Support +3
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-3023 CRITICAL PATCH Act Now

Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tidb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-43569 MEDIUM POC This Month

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-44724 MEDIUM POC PATCH This Month

The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Atlassian XSS Handy Macros For Confluence
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-43565 HIGH This Week

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-43563 HIGH This Week

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-38660 HIGH This Week

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Domino
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-20962 HIGH This Week

A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Identity Services Engine
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-20961 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Identity Services Engine
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-20958 HIGH This Week

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Broadworks Commpilot Application
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-20956 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Identity Services Engine
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-20868 HIGH This Week

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Asyncos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-40263 HIGH This Week

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Totalys Multiprocessor Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41671 HIGH PATCH This Week

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

SQLi Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41670 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41669 HIGH PATCH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41668 HIGH PATCH This Week

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41667 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41666 HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-43945 HIGH PATCH This Week

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel Active Iq Unified Manager H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-39387 HIGH PATCH This Week

XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openid Connect
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20960 HIGH This Week

A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3340 HIGH PATCH This Week

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

XXE Intrusion Prevention System Manager
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2022-43572 MEDIUM This Month

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43570 MEDIUM This Month

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-43564 MEDIUM This Month

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user who can create search macros and schedule search reports can cause a denial of service through the use of specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-20951 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco Broadworks Messaging Server
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-20942 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Asyncos
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-20867 MEDIUM This Month

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Asyncos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-39384 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
5.6
EPSS
0.5%
CVE-2022-38654 MEDIUM This Month

HCL Domino is susceptible to an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20969 MEDIUM This Month

A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Umbrella
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43562 MEDIUM This Month

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-27894 MEDIUM This Month

The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Foundry Blobster
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-20963 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-20937 MEDIUM This Month

A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Identity Services Engine
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-20772 MEDIUM This Month

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Email Security Appliance Firmware Secure Email And Web Manager Firmware
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3721 MEDIUM PATCH This Month

Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

RCE Code Injection Froxlor
NVD GitHub
CVSS 3.1
4.6
EPSS
0.8%
CVE-2022-27893 MEDIUM This Month

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Osisoft Pi Web Connector
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy