Skip to main content
CVE-2022-31199 CRITICAL POC KEV THREAT Act Now

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Auditor
NVD
CVSS 3.1
9.8
EPSS
36.0%
CVE-2022-37015 CRITICAL Act Now

Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Detection And Response
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-34825 CRITICAL Act Now

Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-34824 CRITICAL Act Now

Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34823 CRITICAL Act Now

Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Buffer Overflow Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-34822 CRITICAL Act Now

Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Microsoft Expresscluster X Expresscluster X Singleserversafe
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-27516 CRITICAL Act Now

User login brute force protection functionality bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gateway Application Delivery Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-27510 CRITICAL Act Now

Unauthorized access to Gateway user capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gateway Application Delivery Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-33321 CRITICAL Act Now

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mac 557If E Firmware Mac 557If E1 Firmware Pac Wf010 E Firmware Mac 566Ifb E Firmware +174
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-27858 CRITICAL Act Now

CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress Activity Log
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-44457 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-39352 CRITICAL PATCH Act Now

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-27513 CRITICAL Act Now

Remote desktop takeover via phishing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gateway Application Delivery Controller Firmware
NVD
CVSS 3.1
9.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy