Skip to main content
CVE-2022-46161 CRITICAL POC Act Now

pdfmake is an open source client/server side PDF printing in pure JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Pdfmake
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25912 CRITICAL POC PATCH Act Now

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Simple Git
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-24439 CRITICAL POC PATCH Act Now

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gitpython Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2022-40918 CRITICAL POC Act Now

Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Discovery Wifi U818A Hd Fpv Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44900 CRITICAL POC PATCH Act Now

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Py7Zr
NVD GitHub
CVSS 3.1
9.1
EPSS
2.2%
CVE-2022-23475 HIGH POC PATCH This Week

daloRADIUS is an open source RADIUS web management application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP XSS Daloradius
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-45548 HIGH POC This Week

AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ayacms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-44289 HIGH POC This Week

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Thinkphp
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-4300 HIGH POC This Week

A vulnerability was found in FastCMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fastcms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-38336 HIGH POC This Week

An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Mobaxterm
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-41325 HIGH POC This Week

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Vlc Media Player Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-45283 HIGH POC This Week

GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42699 CRITICAL Act Now

Auth. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Easy Wp Smtp
NVD
CVSS 3.1
9.1
EPSS
7.3%
CVE-2022-43363 MEDIUM POC This Month

Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Telegram
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45359 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Yith Woocommerce Gift Cards
NVD
CVSS 3.1
9.8
EPSS
13.5%
CVE-2022-35843 CRITICAL PATCH Act Now

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Fortiproxy Fortios
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-46383 CRITICAL Act Now

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Digital Rebar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46332 CRITICAL Act Now

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2022-4296 MEDIUM POC This Month

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Wr740N Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41559 CRITICAL Act Now

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nimbus
NVD
CVSS 3.1
9.3
EPSS
0.7%
CVE-2022-41910 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-41902 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-38337 CRITICAL PATCH Act Now

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Denial Of Service Mobaxterm
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-45326 MEDIUM POC This Month

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Information Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2022-45829 HIGH This Week

Auth. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Easy Wp Smtp
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2022-42888 HIGH This Week

Unauth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Armember
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-33875 HIGH This Week

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet SQLi Fortiadc
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-46382 HIGH This Week

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Digital Rebar
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4173 HIGH This Week

A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Avast Avg Antivirus
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-43867 HIGH PATCH This Week

IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Spectrum Scale Container Native Storage Access
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42778 HIGH This Week

In windows manager service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42777 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42776 HIGH This Week

In UscAIEngine service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39102 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39101 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39100 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39099 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39098 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39097 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39096 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39095 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39094 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39093 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39092 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39091 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-39090 HIGH This Week

In power management service, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-44030 HIGH PATCH This Week

Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Redmine
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-4147 HIGH PATCH This Week

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Quarkus
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-46154 HIGH PATCH This Week

Kodexplorer is a chinese language web based file manager and browser based code editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kodexplorer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34361 HIGH PATCH This Week

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Secure Proxy
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy