Skip to main content
CVE-2022-3362 CRITICAL POC PATCH Act Now

Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37109 CRITICAL POC PATCH THREAT Act Now

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Camp
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
49.2%
CVE-2022-3993 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kavita
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3574 CRITICAL POC Act Now

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Wpforms Pro
NVD WPScan
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-3477 CRITICAL POC Act Now

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Newsmag Newspaper Tagdiv Composer
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-43323 HIGH POC This Week

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-43288 HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40127 HIGH POC PATCH THREAT This Week

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Apache Code Injection Airflow
NVD GitHub
CVSS 3.1
8.8
EPSS
85.7%
CVE-2022-43030 HIGH POC This Week

Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Brute Force Siyucms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-31630 HIGH POC This Week

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2022-3632 MEDIUM POC This Month

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Oauth Client
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3538 MEDIUM POC This Month

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Webmaster Tools Verification
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-2449 MEDIUM POC This Month

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Resmush It Image Optimizer
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3578 MEDIUM POC This Month

The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilegrid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-3484 MEDIUM POC This Month

The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-3415 MEDIUM POC This Month

The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chat Bubble
NVD WPScan VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43294 CRITICAL PATCH Act Now

Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Tasmota
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-24937 CRITICAL Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45136 CRITICAL Act Now

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Jena Sdb
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-45378 CRITICAL Act Now

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Authentication Bypass Soap
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-0137 MEDIUM POC PATCH This Month

A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-37290 MEDIUM POC PATCH This Month

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Nautilus Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43342 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44387 HIGH This Week

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43693 HIGH PATCH This Week

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Concrete Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3631 MEDIUM POC This Month

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Oauth Client
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3539 MEDIUM POC This Month

The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Super Testimonials
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3469 MEDIUM POC This Month

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Attachments
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45183 HIGH This Week

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Powershell Universal
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2450 MEDIUM POC This Month

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Resmush It Image Optimizer
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34325 HIGH This Week

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-3238 HIGH This Week

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-40735 HIGH This Week

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Diffie Hellman Key Exchange
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27896 HIGH This Week

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Foundry Code Workbooks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-34320 HIGH PATCH This Week

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-34319 HIGH PATCH This Week

IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24938 HIGH This Week

A malformed packet causes a stack overflow in the Ember ZNet stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-0324 HIGH This Week

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Buffer Overflow Software For Open Networking In The Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-27949 HIGH PATCH This Week

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Apache Airflow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-45199 HIGH PATCH This Week

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-45198 HIGH PATCH This Week

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-43146 HIGH This Week

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Canteen Management System
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-45184 HIGH This Week

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Powershell Universal
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-40903 MEDIUM This Month

Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Dmb N Firmware Gt Dmb Firmware Gt Dmb Lvn Firmware Gt Db Vn Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-43686 MEDIUM PATCH This Month

In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Concrete Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-39385 MEDIUM PATCH This Month

Discourse is the an open source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-44389 MEDIUM This Month

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-33982 MEDIUM This Month

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-33907 MEDIUM This Month

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-32266 MEDIUM This Month

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy