Skip to main content
CVE-2022-3956 CRITICAL POC Act Now

A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hhims
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3955 CRITICAL POC Act Now

A vulnerability was found in tholum crm42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Crm42
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3948 CRITICAL POC Act Now

A vulnerability classified as critical was found in eolinker goku_lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Goku Lite
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3947 CRITICAL POC Act Now

A vulnerability classified as critical has been found in eolinker goku_lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Goku Lite
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3944 HIGH POC This Week

A vulnerability was found in jerryhanjj ERP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Erp
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3952 HIGH POC PATCH This Week

A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Portofino
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-41854 MEDIUM POC PATCH This Month

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow Snakeyaml Fedora
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-45182 CRITICAL PATCH Act Now

Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pi Star Digital Voice Dashboard
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34331 CRITICAL Act Now

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Powervm Hypervisor
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-29486 CRITICAL PATCH Act Now

Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Intel Privilege Escalation Buffer Overflow Hyperscan
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-26845 CRITICAL Act Now

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Authentication Bypass Privilege Escalation Active Management Technology Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3940 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in lanyulei ferry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ferry
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3939 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in lanyulei ferry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ferry
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-41892 CRITICAL PATCH Act Now

Arches is a web platform for creating, managing, & visualizing geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Arches
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-36938 CRITICAL PATCH Act Now

DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Google Buffer Overflow Redex
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-26513 CRITICAL Act Now

Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Memory Corruption Privilege Escalation Buffer Overflow Xmm 7560 Firmware
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2022-3945 MEDIUM POC PATCH This Month

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kavita
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-3941 MEDIUM POC This Month

A vulnerability has been found in Activity Log Plugin and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Activity Log
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-38387 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Cloud Pak For Security
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-33942 HIGH This Week

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Data Center Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-29893 HIGH This Week

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Authentication Bypass Privilege Escalation Active Management Technology Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-26341 HIGH PATCH This Week

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Intel Privilege Escalation Active Management Technology Software Development Kit Endpoint Management Assistant Manageability Commander
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41906 HIGH PATCH This Week

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Opensearch Notifications
NVD GitHub
CVSS 3.1
8.7
EPSS
0.7%
CVE-2022-27639 HIGH This Week

Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Xmm 7560 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2022-28126 HIGH This Week

Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Xmm 7560 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-26367 HIGH This Week

Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Buffer Overflow Xmm 7560 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-26079 HIGH This Week

Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Xmm 7560 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-26369 HIGH This Week

Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Privilege Escalation Buffer Overflow Xmm 7560 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2022-41882 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Nextcloud RCE Microsoft Code Injection Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38099 HIGH This Week

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc 11 Compute Element Cm11Ebi38W Firmware Nuc 11 Compute Element Cm11Ebc4W Firmware Nuc 11 Compute Element Cm11Ebi58W Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37345 HIGH PATCH This Week

Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Authentication Bypass Privilege Escalation Nuc Kit Nuc5I3Ryh Firmware Nuc Kit Nuc5I7Ryh Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37334 HIGH PATCH This Week

Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Nuc 11 Pro Kit Nuc11Tnhi70Z Firmware Nuc 11 Pro Kit Nuc11Tnki70Z Firmware Nuc 11 Pro Kit Nuc11Tnki30Z Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36789 HIGH This Week

Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Privilege Escalation Nuc 10 Performance Kit Nuc10I7Fnhn Firmware Nuc 10 Performance Kit Nuc10I5Fnkn Firmware +24
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36400 HIGH This Week

Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft Privilege Escalation Intel Nuc Kit Wireless Adapter Driver Installer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36377 HIGH This Week

Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Privilege Escalation Nuc Kit Wireless Adapter Driver Installer
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-36370 HIGH PATCH This Week

Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before version MYi30060 may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Authentication Bypass Privilege Escalation Nuc Kit Nuc5I3Myhe Firmware Nuc Board Nuc5I3Mybe Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30548 HIGH This Week

Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Glorp
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30297 HIGH This Week

Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation XSS Endpoint Management Assistant
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27638 HIGH PATCH This Week

Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Advanced Link Analyzer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27187 HIGH PATCH This Week

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Quartus Prime
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26124 HIGH PATCH This Week

Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, Intel(R) NUC 8 Rugged Boards and Intel(R) NUC 8 Rugged Kits before version CHAPLCEL.0059 may allow a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Intel Privilege Escalation Buffer Overflow Nuc 8 Rugged Kit Nuc8Cchkrn Firmware Nuc 8 Rugged Kit Nuc8Cchkr Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-26024 HIGH This Week

Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc7I3Dnbe Firmware Nuc7I3Dnhe Firmware Nuc7I3Dnhnc Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-27497 HIGH This Week

Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Intel Denial Of Service Active Management Technology Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-27233 HIGH PATCH This Week

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Intel Information Disclosure Quartus Prime
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-26508 HIGH PATCH This Week

Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Intel Information Disclosure Authentication Bypass Server Debug And Provisioning Tool
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-36384 HIGH This Week

Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Privilege Escalation Nuc Kit Wireless Adapter Driver Installer
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-36380 HIGH This Week

Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Microsoft Privilege Escalation Nuc Kit Wireless Adapter Driver Installer
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-26086 HIGH This Week

Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Gametechdev Presentmon
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-26028 HIGH This Week

Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Vtune Profiler
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-28611 HIGH This Week

Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Xmm 7560 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy