Skip to main content
CVE-2022-4390 CRITICAL POC Act Now

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Ax2400 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2022-4375 CRITICAL POC PATCH Act Now

A vulnerability was found in Mingsoft MCMS up to 5.2.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-45290 CRITICAL POC Act Now

Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kbase Doc
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-46157 HIGH POC PATCH This Week

Akeneo PIM is an open source Product Information Management (PIM). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache PHP Code Injection Docker RCE +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-44838 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46166 CRITICAL PATCH Act Now

Spring boot admins is an open source administrative user interface for management of spring boot applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java Spring Boot Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-2993 CRITICAL Act Now

There is an error in the condition of the last if-statement in the function smp_check_keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-4170 CRITICAL Act Now

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rxvt Unicode Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-23484 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-23480 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23479 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23478 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23477 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23468 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34297 MEDIUM POC This Month

Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-45292 MEDIUM POC This Month

User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Funkwhale
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-23493 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-23483 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-23482 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-23481 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-23510 HIGH PATCH This Week

cube-js is a headless business intelligence platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cube Js
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-44213 MEDIUM POC This Month

ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Automatic Data Master Server
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-2752 HIGH This Week

A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gatemanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23497 HIGH PATCH This Week

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Freshrss
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44790 HIGH This Week

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Email Marketer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3724 HIGH This Week

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Wireshark
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-3259 HIGH This Week

Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-38765 MEDIUM This Month

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vitrea View
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-29839 MEDIUM This Month

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure My Cloud Os
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-41299 MEDIUM This Month

IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Transformation Advisor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-4336 MEDIUM This Month

In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain sensitive information via the log analysis feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Baota
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-25630 MEDIUM POC This Month

An authenticated user can embed malicious content with XSS into the admin group policy page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
1.5%
CVE-2022-25629 MEDIUM This Month

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Messaging Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4377 MEDIUM This Month

A vulnerability was found in S-CMS 5.0 Build 20220328. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS S Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-33187 MEDIUM This Month

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-29838 MEDIUM This Month

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass My Cloud Os
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-4264 MEDIUM This Month

Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation M Files
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy