Skip to main content
CVE-2022-31199 CRITICAL POC KEV THREAT Act Now

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Auditor
NVD
CVSS 3.1
9.8
EPSS
36.0%
CVE-2022-44311 HIGH POC This Week

html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_close(tree_node_t *nodo) at procesador.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Html2Xhtml
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-39377 HIGH POC This Week

sysstat is a set of system performance tools for the Linux operating system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Sysstat Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-39343 HIGH POC PATCH This Week

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft Buffer Overflow Azure Rtos Filex
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-43343 HIGH POC This Week

N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N Prolog
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-37015 CRITICAL Act Now

Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Detection And Response
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-34825 CRITICAL Act Now

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-34824 CRITICAL Act Now

Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34823 CRITICAL Act Now

Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Buffer Overflow Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-34822 CRITICAL Act Now

Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Microsoft Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-27516 CRITICAL Act Now

User login brute force protection functionality bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gateway Application Delivery Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-27510 CRITICAL Act Now

Unauthorized access to Gateway user capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gateway Application Delivery Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-33321 CRITICAL Act Now

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mac 557If E Firmware Mac 557If E1 Firmware Pac Wf010 E Firmware Mac 566Ifb E Firmware +174
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-27858 CRITICAL Act Now

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress Activity Log
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44457 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-39352 CRITICAL PATCH Act Now

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-27513 CRITICAL Act Now

Remote desktop takeover via phishing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gateway Application Delivery Controller Firmware
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2022-3821 MEDIUM POC PATCH This Month

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-44321 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function in lex.c when called from LexScanGetToken. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44320 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP function in expression.c when called from ExpressionParseFunctionCall. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44319 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function in cstdlib/string.c when called from ExpressionParseFunctionCall. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44318 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44317 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44316 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant function in lex.c when called from LexScanGetToken. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44315 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44314 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44313 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsignedInteger function in expression.c when called from ExpressionParseFunctionCall. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44312 MEDIUM POC This Month

PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger function in expression.c when called from ExpressionInfixOperator. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Picoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43144 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Canteen Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-30515 MEDIUM POC This Month

ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biotime
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-41203 HIGH This Week

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Deserialization Businessobjects Business Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-44741 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Testimonial Slider
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-41136 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Shortcodes Ultimate
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38137 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= 4.2.2 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Analytify Google Analytics Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-41757 HIGH This Week

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Valhall Gpu Kernel Driver
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-43546 HIGH PATCH This Week

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE 7Kg9501 0Aa01 2Aa1 Firmware 7Kg9501 0Aa31 2Aa1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-43545 HIGH PATCH This Week

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE 7Kg9501 0Aa01 2Aa1 Firmware 7Kg9501 0Aa31 2Aa1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-43439 HIGH PATCH This Week

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions < V2.50), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions < V2.50), POWER METER SICAM Q100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE 7Kg9501 0Aa01 2Aa1 Firmware 7Kg9501 0Aa31 2Aa1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-43398 HIGH PATCH This Week

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation 7Kg9501 0Aa01 2Aa1 Firmware 7Kg9501 0Aa31 2Aa1 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-41214 HIGH This Week

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
8.7
EPSS
0.7%
CVE-2022-39328 HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Grafana
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-41211 HIGH This Week

Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP RCE Buffer Overflow 3D Visual Enterprise Author 3D Visual Enterprise Viewer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-20462 HIGH This Week

In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20452 HIGH POC This Week

In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-20451 HIGH This Week

In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20450 HIGH This Week

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20441 HIGH This Week

In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-32601 HIGH This Week

In telephony, there is a possible permission bypass due to a parcel format mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-43397 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Simcenter Femap (All. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Parasolid
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41664 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy