Skip to main content
CVE-2022-24441 HIGH POC PATCH This Week

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Snyk Cli Snyk Language Server Snyk Security
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41412 HIGH POC This Week

An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SSRF Perfsonar
NVD GitHub
CVSS 3.1
8.6
EPSS
4.1%
CVE-2022-45332 HIGH POC This Week

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-4228 HIGH POC This Week

A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Book Store Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-45337 HIGH POC This Week

Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx9 Pro Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44296 HIGH POC This Week

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44295 HIGH POC This Week

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-44294 HIGH POC This Week

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-45328 HIGH POC This Week

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Church Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-26366 HIGH This Week

Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin <= 5.9 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Adrotate Banner Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-4194 HIGH This Week

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4193 HIGH This Week

Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4192 HIGH This Week

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4191 HIGH This Week

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4190 HIGH This Week

Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4181 HIGH This Week

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4180 HIGH This Week

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-4179 HIGH This Week

Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-4178 HIGH This Week

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2022-4177 HIGH This Week

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-4176 HIGH This Week

Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4175 HIGH This Week

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4174 HIGH This Week

Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23746 HIGH PATCH This Week

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ssl Network Extender
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-40265 HIGH This Week

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rj71En71 Firmware R04Encpu Firmware R08Encpu Firmware R16Encpu Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy