Skip to main content
CVE-2022-45063 CRITICAL POC PATCH THREAT Act Now

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.4%.

Command Injection RCE
NVD
CVSS 3.1
9.8
EPSS
22.4%
Threat
4.1
CVE-2022-44088 CRITICAL POC THREAT Emergency

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.6%.

RCE Code Injection Espcms
NVD VulDB
CVSS 3.1
9.8
EPSS
21.6%
Threat
4.1
CVE-2022-44089 CRITICAL POC Act Now

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Espcms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-44087 CRITICAL POC Act Now

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Espcms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-43074 CRITICAL POC Act Now

AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44727 CRITICAL POC Act Now

The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eu Cookie Law Gdpr
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2022-41719 HIGH POC PATCH This Week

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Messagepack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-45129 HIGH POC PATCH This Week

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Payara
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-38121 MEDIUM POC This Month

UPSMON PRO configuration file stores user password in plaintext under public user directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Upsmon Pro
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-38120 MEDIUM POC This Month

UPSMON PRO’s has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Upsmon Pro
NVD
CVSS 3.1
6.5
EPSS
5.6%
CVE-2022-45130 MEDIUM POC This Month

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Obsidian
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-35740 MEDIUM POC This Month

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Tomcat XSS Dotcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-40981 CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Remote Access Server Firmware
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2022-3703 CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Remote Access Server Firmware
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2022-39395 CRITICAL PATCH Act Now

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Server Ui Worker
NVD GitHub
CVSS 3.1
9.9
EPSS
1.1%
CVE-2022-41878 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41879 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Prototype Pollution Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39394 CRITICAL PATCH Act Now

Wasmtime is a standalone runtime for WebAssembly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Wasmtime
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-39036 CRITICAL Act Now

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Agentflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38119 CRITICAL Act Now

UPSMON Pro login function has insufficient authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Upsmon Pro
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-39396 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Prototype Pollution Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
38.7%
CVE-2022-26088 MEDIUM POC This Month

An issue was discovered in BMC Remedy before 22.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Remedy It Service Management Suite
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-3726 CRITICAL Act Now

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2022-39038 HIGH This Week

Agentflow BPM enterprise management system has improper authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Agentflow
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42787 HIGH This Week

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure At Modem Emulator Firmware Com Server Firmware Com Server 20Ma Firmware Com Server Highspeed 100Basefx Firmware +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-39393 HIGH PATCH This Week

Wasmtime is a standalone runtime for WebAssembly. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wasmtime
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2022-43753 MEDIUM POC This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-39368 HIGH PATCH This Week

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Californium
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-41607 HIGH PATCH This Week

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Remote Access Server Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39037 HIGH This Week

Agentflow BPM file download function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Agentflow
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-38122 HIGH This Week

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Upsmon Pro
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39392 HIGH PATCH This Week

Wasmtime is a standalone runtime for WebAssembly. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Wasmtime
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
CVE-2022-40225 MEDIUM PATCH This Month

A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Siplus Tim 1531 Irc Firmware
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2022-39398 MEDIUM PATCH This Month

tasklists is a tasklists plugin for GLPI (Kanban). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tasklists
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34666 MEDIUM This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Microsoft Nvidia +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42460 MEDIUM This Month

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Traffic Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43754 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Java XSS Manager Server Uyuni
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-42786 MEDIUM This Month

Multiple W&T Products of the ComServer Series are prone to an XSS attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS At Modem Emulator Firmware Com Server Firmware Com Server 20Ma Firmware Com Server Highspeed 100Basefx Firmware +13
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43679 MEDIUM This Month

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Owncloud
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-41876 MEDIUM PATCH This Month

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ezplatform Graphql
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-36022 MEDIUM This Month

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Deeplearning4J
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-3818 MEDIUM This Month

An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-3793 MEDIUM This Month

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-41874 MEDIUM PATCH This Month

Tauri is a framework for building binaries for all major desktop platforms. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Apple Microsoft Tauri
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-31255 MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-3867 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3866 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3819 MEDIUM This Month

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-3706 MEDIUM This Month

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3413 MEDIUM This Month

Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy