Skip to main content
CVE-2022-43031 HIGH POC This Week

DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-30543 HIGH POC This Week

A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41106 HIGH Act Now

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.6% and no vendor patch available.

Microsoft RCE 365 Apps Excel Office +3
NVD VulDB
CVSS 3.1
8.8
EPSS
17.6%
CVE-2022-29888 HIGH POC This Week

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-32588 HIGH POC This Week

An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-31253 HIGH POC This Week

A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openldap2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42966 HIGH POC PATCH This Week

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cleo
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-42965 HIGH POC PATCH This Week

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Snowflake Connector
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42964 HIGH POC PATCH This Week

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pymatgen
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45061 HIGH POC This Week

An issue was discovered in Python before 3.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Fedora Active Iq Unified Manager E Series Performance Analyzer +5
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-43278 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43277 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-43292 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43291 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-43290 HIGH POC This Week

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-41128 HIGH KEV PATCH THREAT This Week

Windows Scripting Languages Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
24.6%
CVE-2022-41080 HIGH KEV PATCH THREAT This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
77.3%
CVE-2022-41062 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-41048 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-41047 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-3450 HIGH This Week

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3449 HIGH This Week

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3448 HIGH This Week

Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3446 HIGH This Week

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3445 HIGH This Week

Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-28689 HIGH This Week

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3889 HIGH This Week

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3888 HIGH This Week

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3887 HIGH This Week

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3886 HIGH This Week

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3885 HIGH This Week

Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41063 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Excel Office +3
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-41107 HIGH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-41088 HIGH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft Windows 10 Windows 11 +5
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-41044 HIGH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft Windows 7 Windows Server 2008
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-41039 HIGH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-39306 HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Grafana
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-38023 HIGH PATCH This Week

Netlogon RPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +5
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2022-37966 HIGH PATCH This Week

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +6
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2022-41061 HIGH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Code Injection 365 Apps Office +6
NVD VulDB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-41079 HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-41078 HIGH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-41125 HIGH KEV PATCH THREAT This Week

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2022-41123 HIGH This Week

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Exchange Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41120 HIGH POC This Week

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Sysmon
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-41119 HIGH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41113 HIGH This Week

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
7.8
EPSS
8.7%
CVE-2022-41109 HIGH This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
8.1%
CVE-2022-41102 HIGH This Week

Windows Overlay Filter Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41101 HIGH This Week

Windows Overlay Filter Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy