Skip to main content
CVE-2022-46157 HIGH POC PATCH This Week

Akeneo PIM is an open source Product Information Management (PIM). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache PHP Code Injection Docker RCE +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-44838 HIGH POC This Week

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-23510 HIGH PATCH This Week

cube-js is a headless business intelligence platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cube Js
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-2752 HIGH This Week

A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gatemanager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23497 HIGH PATCH This Week

FreshRSS is a free, self-hostable RSS aggregator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Freshrss
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44790 HIGH This Week

Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Email Marketer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3724 HIGH This Week

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Wireshark
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-3259 HIGH This Week

Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
7.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy