Skip to main content
CVE-2022-45005 CRITICAL POC Act Now

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ew9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2022-4446 CRITICAL POC PATCH Act Now

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI Information Disclosure PHP Corebos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-4223 HIGH POC PATCH THREAT This Week

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Code Injection PostgreSQL Pgadmin 4 +1
NVD GitHub
CVSS 3.1
8.8
EPSS
79.9%
CVE-2022-27518 CRITICAL KEV THREAT Emergency

Citrix ADC and Gateway contain an unauthenticated remote code execution vulnerability exploited by APT5 (Chinese state-sponsored) in zero-day attacks against critical infrastructure in December 2022.

NVD
CVSS 3.1
9.8
EPSS
27.7%
Threat
4.0
CVE-2022-29580 HIGH POC This Week

There exists a path traversal vulnerability in the Android Google Search app. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Google Google Search
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-45693 HIGH POC PATCH This Week

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-45690 HIGH POC PATCH This Week

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Java Denial Of Service Buffer Overflow Json Java +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45689 HIGH POC This Week

hutool-json v5.8.10 was discovered to contain an out of memory error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45688 HIGH POC PATCH This Week

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Hutool Json Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-45685 HIGH POC PATCH This Week

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-46051 HIGH POC This Week

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aerocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-46059 MEDIUM POC This Month

AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Aerocms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41915 MEDIUM POC PATCH This Month

Netty project is an event-driven asynchronous network application framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Netty Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-44303 MEDIUM POC PATCH This Month

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Resque Scheduler
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-46381 MEDIUM POC This Month

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Linear Emerge E3 Access Control Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-38628 MEDIUM POC This Month

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Session Fixation Linear Emerge E3 Access Control Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-45028 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nvg443B Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46061 MEDIUM POC This Month

AeroCMS v0.0.1 is vulnerable to ClickJacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aerocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41653 CRITICAL Act Now

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Svmpc1 Svmpc2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46404 CRITICAL Act Now

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-4454 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in m0ver bible-online. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java SQLi Bible Online
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46364 CRITICAL PATCH Act Now

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-46353 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43724 CRITICAL PATCH Act Now

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sicam Pas Pqs
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-20473 CRITICAL PATCH Act Now

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Google Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2022-20472 CRITICAL PATCH Act Now

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Google Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2022-44702 HIGH PATCH This Week

Windows Terminal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Microsoft Code Injection RCE Terminal
NVD VulDB
CVSS 3.1
7.8
EPSS
9.8%
CVE-2022-44874 MEDIUM POC This Month

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41271 CRITICAL Act Now

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Denial Of Service Netweaver Process Integration
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2022-2757 CRITICAL Act Now

Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tms300 Cs Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-46047 MEDIUM POC This Month

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-44693 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-44690 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
82.1%
CVE-2022-31696 HIGH PATCH This Week

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption VMware Buffer Overflow Cloud Foundation ESXi
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-20469 HIGH This Week

In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20411 HIGH This Week

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Google Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-46058 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-41267 HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41264 HIGH This Week

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Basis
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41272 HIGH This Week

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Netweaver Process Integration
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-41127 HIGH This Week

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Microsoft Dynamics 365 Business Central Dynamics Nav
NVD
CVSS 3.1
8.5
EPSS
1.6%
CVE-2022-41076 HIGH PATCH This Week

PowerShell Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Powershell Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.5
EPSS
61.6%
CVE-2022-46062 MEDIUM POC This Month

Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gym Management System
NVD GitHub
CVSS 3.1
4.5
EPSS
0.3%
CVE-2022-41562 HIGH This Week

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Jasperreports Server
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2022-44708 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Google Edge Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
1.9%
CVE-2022-44696 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-44695 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-44694 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-44676 HIGH This Week

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-44670 HIGH This Week

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.1
EPSS
1.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy