Skip to main content
CVE-2022-43323 HIGH POC This Week

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-43288 HIGH POC This Week

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the order_by parameter at /rukovoditel/index.php?module=logs/view&type=php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rukovoditel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40127 HIGH POC PATCH THREAT This Week

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Apache Code Injection Airflow
NVD GitHub
CVSS 3.1
8.8
EPSS
85.7%
CVE-2022-43030 HIGH POC This Week

Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Brute Force Siyucms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-31630 HIGH POC This Week

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2022-44387 HIGH This Week

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-43693 HIGH PATCH This Week

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Concrete Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45183 HIGH This Week

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Powershell Universal
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-34325 HIGH This Week

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-3238 HIGH This Week

A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-40735 HIGH This Week

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Diffie Hellman Key Exchange
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27896 HIGH This Week

Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Foundry Code Workbooks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-34320 HIGH PATCH This Week

IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-34319 HIGH PATCH This Week

IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24938 HIGH This Week

A malformed packet causes a stack overflow in the Ember ZNet stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-0324 HIGH This Week

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Buffer Overflow Software For Open Networking In The Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-27949 HIGH PATCH This Week

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Apache Airflow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-45199 HIGH PATCH This Week

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-45198 HIGH PATCH This Week

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-43146 HIGH This Week

An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Canteen Management System
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-45184 HIGH This Week

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Powershell Universal
NVD
CVSS 3.1
7.2
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy