Skip to main content
CVE-2022-3240 HIGH POC This Week

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Follow Me Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-42053 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-41396 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-41395 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-40847 HIGH POC This Week

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W15e Firmware
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-4006 HIGH POC PATCH This Week

A vulnerability, which was classified as problematic, has been found in WBCE CMS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Denial Of Service Wbce Cms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42060 HIGH POC This Week

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Tenda Buffer Overflow W15e Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-42978 HIGH POC This Week

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42977 HIGH POC This Week

The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlassian Confluence Data Center
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-43279 HIGH POC This Week

LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Limesurvey
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42121 HIGH PATCH This Week

A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Liferay Portal Digital Experience Platform Dxp
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-29277 HIGH This Week

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption Amd Buffer Overflow Genoa Firmware +38
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20926 HIGH This Week

A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35613 HIGH This Week

Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Konker Platform
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-29279 HIGH This Week

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29278 HIGH This Week

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29276 HIGH This Week

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-30772 HIGH This Week

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-30771 HIGH This Week

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29275 HIGH This Week

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-38385 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cloud Pak For Security
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-45381 HIGH PATCH This Week

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Jenkins Pipeline Utility Steps
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-3377 HIGH PATCH This Week

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3737 HIGH This Week

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Automationworx Software Suite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3461 HIGH This Week

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Automationworx Software Suite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-25743 HIGH PATCH This Week

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Qualcomm Use After Free Buffer Overflow Memory Corruption Apq8009 Firmware +188
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25724 HIGH PATCH This Week

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +198
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42124 HIGH PATCH This Week

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-42125 HIGH PATCH This Week

Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-42123 HIGH PATCH This Week

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Elastic Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-41916 HIGH This Week

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Heimdal Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-30283 HIGH This Week

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM. Rated high severity (CVSS 7.5). No vendor patch available.

Intel Privilege Escalation Kernel
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-20947 HIGH This Week

A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20946 HIGH This Week

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Cisco Denial Of Service Buffer Overflow Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20918 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Services Software For Asa Secure Firewall Management Center
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-20854 HIGH This Week

A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Secure Firewall Management Center Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45391 HIGH PATCH This Week

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-45388 HIGH This Week

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Config Rotator
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-45385 HIGH PATCH This Week

A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Jenkins Cloudbees Docker Hub Registry Notification
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45379 HIGH PATCH This Week

Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Script Security
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38666 HIGH This Week

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-27895 HIGH This Week

Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foundry Build2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-40308 HIGH PATCH This Week

If anonymous read enabled, it's possible to read the database file directly without logging in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Archiva
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-3480 HIGH This Week

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fl Mguard Centerport Firmware Fl Mguard Centerport Vpn 1000 Firmware Fl Mguard Core Tx Firmware Fl Mguard Core Tx Vpn Firmware +27
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33239 HIGH This Week

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8009 Firmware Apq8017 Firmware Apq8096Au Firmware +231
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-33237 HIGH This Week

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Aqt1000 Firmware Ar8031 Firmware +236
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-33236 HIGH This Week

Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Ar8035 Firmware Csr8811 Firmware +76
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25742 HIGH This Week

Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +18
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25741 HIGH PATCH This Week

Denial of service in WLAN due to potential null pointer dereference while accessing the memory location in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Qualcomm Denial Of Service Aqt1000 Firmware Ar8035 Firmware +123
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25710 HIGH This Week

Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8009 Firmware Apq8017 Firmware +60
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy