Skip to main content
CVE-2022-1471 CRITICAL POC PATCH THREAT Act Now

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Snakeyaml
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2022-43333 CRITICAL POC Act Now

Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Tvox
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-4257 CRITICAL POC THREAT Act Now

A vulnerability was found in C-DATA Web Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP C Data Web Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
43.9%
CVE-2022-30528 CRITICAL POC Act Now

SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Isic Lk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-4221 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nas M25 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-4248 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-4247 CRITICAL POC Act Now

A vulnerability classified as critical was found in Movie Ticket Booking System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-36431 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Trufusion
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44262 CRITICAL POC PATCH Act Now

ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ff4J
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-35120 HIGH POC This Week

IXPdata EasyInstall 6.6.14725 contains an access control issue. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easyinstall
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-45045 HIGH POC This Week

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mbd6304T Nbd6808T Pl Nbd7004T P Nbd7008T P +140
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-40489 HIGH POC PATCH This Week

ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Thinkcmf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-28607 HIGH POC This Week

An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Isic Lk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45640 HIGH POC This Week

Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Tenda Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-4252 MEDIUM POC This Month

A vulnerability was found in SourceCodester Canteen Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Canteen Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4250 MEDIUM POC This Month

A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4249 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37016 CRITICAL Act Now

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Symantec Endpoint Protection
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3270 CRITICAL Act Now

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bus Module Cpx E Ep Firmware Bus Node Cpx Fb32 Firmware Bus Node Cpx Fb33 Firmware Bus Node Cpx Fb36 Firmware +95
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-4253 MEDIUM POC This Month

A vulnerability was found in SourceCodester Canteen Management System. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Canteen Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4251 MEDIUM POC This Month

A vulnerability was found in Movie Ticket Booking System and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40849 MEDIUM POC PATCH This Month

ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinkcmf
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3713 HIGH This Week

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3709 HIGH This Week

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation XSS Xg Firewall Firmware
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-42718 HIGH PATCH This Week

Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Labview Command Line Interface
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29837 HIGH This Week

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE My Cloud Home Firmware My Cloud Home Duo Firmware Sandisk Ibi Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2969 HIGH This Week

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Dialink
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-37017 HIGH This Week

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Symantec Endpoint Protection
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-4246 HIGH This Week

A vulnerability classified as problematic has been found in Kakao PotPlayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Potplayer
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44211 HIGH This Week

In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Goodcloud
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2022-3696 HIGH This Week

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3226 HIGH This Week

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-41971 MEDIUM This Month

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Google Nextcloud Talk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-23737 MEDIUM This Month

An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-43900 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-41297 MEDIUM This Month

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 On Cloud Pak For Data Db2 Warehouse On Cloud Pak For Data Db2U
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-45050 MEDIUM This Month

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Iguana
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44212 MEDIUM This Month

In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Goodcloud
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-43901 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-40204 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dasdec Ii Firmware One Net Se Firmware Dasdec I Firmware One Net Firmware +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-41970 MEDIUM PATCH This Month

Nextcloud Server is an open source personal cloud server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41968 MEDIUM PATCH This Month

Nextcloud Server is an open source personal cloud server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3711 MEDIUM This Month

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-41969 LOW PATCH Monitor

Nextcloud Server is an open source personal cloud server. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-3710 LOW Monitor

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
CVSS 3.1
2.7
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy