Skip to main content
CVE-2022-24942 CRITICAL POC Act Now

Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Micrium Uc Http
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-3998 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in MonikaBrzica scm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Scm
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42058 CRITICAL POC Act Now

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Tenda Buffer Overflow W15e Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3240 HIGH POC This Week

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Follow Me Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-42053 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-41396 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-41395 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-40847 HIGH POC This Week

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-4006 HIGH POC PATCH This Week

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Denial Of Service Wbce Cms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42060 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Tenda Buffer Overflow W15e Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-42978 HIGH POC This Week

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42977 HIGH POC This Week

The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Confluence Data Center
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-43279 HIGH POC This Week

LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Limesurvey
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40845 MEDIUM POC This Month

The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Information Disclosure W15e Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-42118 MEDIUM POC PATCH This Month

A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Liferay Portal Digital Experience Platform Dxp
NVD VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-3997 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Scm
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-42120 CRITICAL PATCH Act Now

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Dxp Liferay Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-42122 CRITICAL PATCH Act Now

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Dxp Liferay Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43265 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Canteen Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42785 CRITICAL Act Now

Multiple W&T products of the ComServer Series are prone to an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass At Modem Emulator Firmware Com Server Firmware Com Server 20Ma Firmware Com Server Highspeed 100Basefx Firmware +13
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45400 CRITICAL Act Now

Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Japex
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45397 CRITICAL Act Now

Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Osf Builder Suite
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45396 CRITICAL Act Now

Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Sourcemonitor
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45395 CRITICAL Act Now

Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Cccc
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-33234 CRITICAL Act Now

Memory corruption in video due to configuration weakness. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Aqt1000 Firmware Qca6310 Firmware +108
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25727 CRITICAL Act Now

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +18
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-25674 CRITICAL Act Now

Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-42984 CRITICAL Act Now

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wowonder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-43071 MEDIUM POC This Month

A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-40844 MEDIUM POC This Month

In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda XSS W15e Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-42121 HIGH PATCH This Week

A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Liferay Portal Digital Experience Platform Dxp
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-40843 MEDIUM POC THREAT This Month

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W15e Firmware
NVD
CVSS 3.1
4.9
EPSS
28.8%
CVE-2022-29277 HIGH This Week

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption Amd Buffer Overflow Genoa Firmware +38
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20926 HIGH This Week

A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40846 MEDIUM POC This Month

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda XSS W15e Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-35613 HIGH This Week

Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Konker Platform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-29279 HIGH This Week

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29278 HIGH This Week

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29276 HIGH This Week

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-30772 HIGH This Week

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-30771 HIGH This Week

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29275 HIGH This Week

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-38385 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cloud Pak For Security
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-45381 HIGH PATCH This Week

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Jenkins Pipeline Utility Steps
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-3377 HIGH PATCH This Week

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3737 HIGH This Week

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Automationworx Software Suite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3461 HIGH This Week

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Automationworx Software Suite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-25743 HIGH PATCH This Week

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Qualcomm Use After Free Buffer Overflow Memory Corruption Apq8009 Firmware +188
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25724 HIGH PATCH This Week

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +198
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42124 HIGH PATCH This Week

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy