Skip to main content
CVE-2022-4438 HIGH This Week

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4437 HIGH This Week

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4436 HIGH This Week

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2601 HIGH This Week

A buffer overflow was found in grub_font_construct_glyph(). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Grub2 Fedora Enterprise Linux Eus +5
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2022-31705 HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware Buffer Overflow Workstation +2
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2022-4283 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-47411 HIGH PATCH This Week

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fp Newsletter
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-47410 HIGH PATCH This Week

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fp Newsletter
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-47409 HIGH PATCH This Week

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Fp Newsletter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31703 HIGH This Week

The vRealize Log Insight contains a Directory Traversal Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Vrealize Log Insight
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-23517 HIGH PATCH This Week

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails Html Sanitizers Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-23516 HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-23514 HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-23500 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31700 HIGH This Week

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE VMware Access Cloud Foundation Identity Manager
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-23741 HIGH This Week

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-4501 HIGH PATCH This Week

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Mega Addons For Wpbakery Page Builder WPBakery Page Builder
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-40264 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Genesis64
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-47407 MEDIUM PATCH This Month

An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Master Quiz
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-23501 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Typo3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-4410 MEDIUM PATCH This Month

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Permalink Manager Lite
NVD WPScan VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-23527 MEDIUM This Month

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Open Redirect Mod Auth Openidc Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-4495 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6.py. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collective Dms Basecontent
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-23515 MEDIUM PATCH This Month

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-3073 MEDIUM This Month

Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2/2021 v1/2022 v1/2022 SP1 v1 or below are prone to JavaScript injection allowing a remote attacker to hijack existing sessions to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 19 Iot Md01 Lan H4 S0011 Firmware Fp Iot Md01 4Eu S2 00000 Firmware Fp Iot Md01 Lan S2 00000 Firmware Fp Iot Md01 Lan S2 00011 Firmware +5
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3917 MEDIUM This Month

Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Moto E20 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3115 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3114 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3113 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3112 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3111 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3110 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3108 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Amd Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3107 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3106 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3105 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3104 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.16-rc6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-23502 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31701 MEDIUM This Month

VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware Access Cloud Foundation Identity Manager Connector
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-23504 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy