Skip to main content
CVE-2022-41622 HIGH POC THREAT Act Now

In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Access Policy Manager +8
NVD
CVSS 3.1
8.8
EPSS
88.0%
CVE-2022-41800 HIGH POC THREAT Act Now

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
8.7
EPSS
62.4%
CVE-2022-45550 CRITICAL POC Act Now

AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-44351 CRITICAL POC Act Now

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Skycaiji
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44371 CRITICAL POC Act Now

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Hope Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-46742 CRITICAL POC PATCH Act Now

Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45026 CRITICAL POC Act Now

An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Markdown Preview Enhanced
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45025 CRITICAL POC THREAT Act Now

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Markdown Preview Enhanced
NVD GitHub
CVSS 3.1
9.8
EPSS
34.5%
CVE-2022-45010 CRITICAL POC Act Now

Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /PhoneBook/edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Phone Book Directory Web App
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-46741 CRITICAL POC PATCH Act Now

Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Paddlepaddle
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-44373 HIGH POC This Week

A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Tew 820Ap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-44849 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Metinfo
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45915 HIGH POC This Week

ILIAS before 7.16 allows OS Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ilias
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2022-44942 HIGH POC PATCH This Week

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Casdoor
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-46770 HIGH POC THREAT This Week

qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mirage Firewall
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
21.5%
CVE-2022-44393 HIGH POC This Week

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-4322 HIGH POC PATCH This Week

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Maku Boot
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-45009 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-45918 MEDIUM POC This Month

ILIAS before 7.16 allows External Control of File Name or Path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ilias
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-4341 MEDIUM POC This Month

A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Coder Chain Gdut
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44153 MEDIUM POC This Month

Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rapid Scada
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45917 MEDIUM POC This Month

ILIAS before 7.16 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Ilias
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2022-42458 CRITICAL Act Now

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bingo Cms
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44361 MEDIUM POC This Month

An issue was discovered in ZZCMS 2022. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-45217 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Book Store Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-45916 MEDIUM POC This Month

ILIAS before 7.16 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ilias
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43581 HIGH PATCH This Week

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

IBM Buffer Overflow Content Navigator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-40966 HIGH PATCH This Week

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass HP Wcr 300 Firmware Whr Hp G300N Firmware Whr Hp Gn Firmware +72
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-44620 HIGH This Week

Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Udr Ja1604 Firmware Udr Ja1608 Firmware Udr Ja1616 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-44606 HIGH This Week

OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Udr Ja1604 Firmware Udr Ja1608 Firmware Udr Ja1616 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-43464 HIGH This Week

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Udr Ja1604 Firmware Udr Ja1608 Firmware Udr Ja1616 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-45008 MEDIUM POC This Month

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Leave Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-2952 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2948 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2002 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43667 HIGH This Week

Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43509 HIGH This Week

Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-43508 HIGH This Week

Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Use After Free Memory Corruption Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23491 HIGH PATCH This Week

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Certifi E Series Performance Analyzer +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-23487 HIGH PATCH This Week

js-libp2p is the official javascript Implementation of libp2p networking stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-23486 HIGH PATCH This Week

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41720 HIGH PATCH This Week

On Windows, restricted files can be accessed via os.DirFS and http.Dir. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Go
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-44608 HIGH This Week

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cybozu Remote Service
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-43468 HIGH This Week

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wordpress Popular Posts
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43660 HIGH This Week

Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection Movable Type
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-39044 MEDIUM PATCH This Month

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Command Injection HP Wcr 300 Firmware Whr Hp G300N Firmware Whr Hp Gn Firmware +51
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-23471 MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Containerd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-34840 MEDIUM PATCH This Month

Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Wzr 300Hp Firmware Wzr 450Hp Firmware Wzr 600Dhp Firmware Wzr 900Dhp Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-45113 MEDIUM This Month

Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Movable Type
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3643 MEDIUM This Month

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Broadcom Cisco Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy