Skip to main content
CVE-2022-4223 HIGH POC PATCH THREAT This Week

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Code Injection PostgreSQL Pgadmin 4 +1
NVD GitHub
CVSS 3.1
8.8
EPSS
79.9%
CVE-2022-29580 HIGH POC This Week

There exists a path traversal vulnerability in the Android Google Search app. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Google Google Search
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-45693 HIGH POC PATCH This Week

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-45690 HIGH POC PATCH This Week

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Java Denial Of Service Buffer Overflow Json Java +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45689 HIGH POC This Week

hutool-json v5.8.10 was discovered to contain an out of memory error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45688 HIGH POC PATCH This Week

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Hutool Json Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-45685 HIGH POC PATCH This Week

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-46051 HIGH POC This Week

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aerocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-44702 HIGH PATCH This Week

Windows Terminal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Microsoft Code Injection RCE Terminal
NVD VulDB
CVSS 3.1
7.8
EPSS
9.8%
CVE-2022-44693 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-44690 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
82.1%
CVE-2022-31696 HIGH PATCH This Week

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption VMware Buffer Overflow Cloud Foundation ESXi
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-20469 HIGH This Week

In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-20411 HIGH This Week

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Google Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-41267 HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41264 HIGH This Week

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Basis
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41272 HIGH This Week

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP SQLi Netweaver Process Integration
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-41127 HIGH This Week

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Microsoft Dynamics 365 Business Central Dynamics Nav
NVD
CVSS 3.1
8.5
EPSS
1.6%
CVE-2022-41076 HIGH PATCH This Week

PowerShell Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Powershell Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.5
EPSS
61.6%
CVE-2022-41562 HIGH This Week

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Jasperreports Server
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2022-44708 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Google Edge Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
1.9%
CVE-2022-44696 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-44695 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-44694 HIGH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-44676 HIGH This Week

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-44670 HIGH This Week

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-46664 HIGH PATCH This Week

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Mendix Workflow Commons
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-45936 HIGH PATCH This Week

A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Mendix Email Connector
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-33268 HIGH PATCH This Week

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +93
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-4098 HIGH This Week

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Com Server Firmware Com Server 20Ma Firmware Com Server Highspeed 100Basefx Firmware Com Server Highspeed 100Baselx Firmware +12
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2021-32415 HIGH This Week

EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Wrapper
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2951 HIGH PATCH This Week

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Hyperview Player
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2950 HIGH PATCH This Week

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Buffer Overflow Hyperview Player
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2949 HIGH PATCH This Week

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Buffer Overflow Hyperview Player
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2947 HIGH PATCH This Week

Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Hyperview Player
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-47213 HIGH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft 365 Apps
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-47212 HIGH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft 365 Apps
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-47211 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-44710 HIGH This Week

DirectX Graphics Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Windows 11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44704 HIGH PATCH This Week

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Sysmon
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-44697 HIGH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-44692 HIGH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-44691 HIGH This Week

Microsoft Office OneNote Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-44689 HIGH PATCH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Linux Microsoft Privilege Escalation Windows Subsystem For Linux Windows 10 +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-44687 HIGH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Raw Image Extension
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-44683 HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Use After Free Memory Corruption Windows 10 +7
NVD
CVSS 3.1
7.8
EPSS
8.2%
CVE-2022-44681 HIGH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-44680 HIGH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-44678 HIGH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-44677 HIGH This Week

Windows Projected File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy