Skip to main content
CVE-2022-4566 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruoyi
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-47209 HIGH POC This Week

A support user exists on the device and appears to be a backdoor for Technical Support staff. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rax30 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-47210 HIGH POC This Week

The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rax30 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41992 HIGH POC This Week

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Poweriso
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-4565 HIGH POC PATCH This Week

A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hutool
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-46109 HIGH POC This Week

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-46137 HIGH POC This Week

AeroCMS v0.0.1 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aerocms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-46135 HIGH POC This Week

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Aerocms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-23530 MEDIUM POC PATCH This Month

GuardDog is a CLI tool to identify malicious PyPI packages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Guarddog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-37832 CRITICAL Act Now

Mutiny 7.2.0-10788 suffers from Hardcoded root password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mutiny
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-42529 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-47377 CRITICAL Act Now

Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version <1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sim2000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-20513 MEDIUM POC This Month

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-47208 HIGH This Week

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Nighthawk Ax1800 Firmware Nighthawk Ax2400 Firmware Nighthawk Ax3000 Firmware Nighthawk Ax5400 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-4564 HIGH PATCH This Week

A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Materia
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-25628 HIGH This Week

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Symantec Identity Governance And Administration
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-20610 HIGH This Week

In cellular modem firmware, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE Google Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-20607 HIGH This Week

In the Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Google Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-26582 HIGH This Week

PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Paydroid
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-4563 HIGH PATCH This Week

A vulnerability was found in Freedom of the Press SecureDrop. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Securedrop
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42544 HIGH PATCH This Week

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42534 HIGH This Week

In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42531 HIGH This Week

In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20600 HIGH This Week

In TBD of TBD, there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20598 HIGH This Week

In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20597 HIGH This Week

In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20587 HIGH This Week

In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20586 HIGH This Week

In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20585 HIGH This Week

In valid_out_of_special_sec_dram_addr of drm_access_control.c, there is a possible EoP due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20584 HIGH This Week

In page_number of shared_mem.c, there is a possible code execution in secure world due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20582 HIGH This Week

In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20568 HIGH PATCH This Week

In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20566 HIGH PATCH This Week

In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20561 HIGH This Week

In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google Buffer Overflow Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20550 HIGH PATCH This Week

In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20548 HIGH PATCH This Week

In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20547 HIGH PATCH This Week

In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20540 HIGH PATCH This Week

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google RCE Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20524 HIGH PATCH This Week

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google RCE Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20522 HIGH PATCH This Week

In getSlice of ProviderModelSlice.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20520 HIGH PATCH This Week

In onCreate of various files, there is a possible tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20512 HIGH This Week

In navigateUpTo of Task.java, there is a possible way to launch an intent handler with a mismatched intent due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20508 HIGH PATCH This Week

In onAttach of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20507 HIGH PATCH This Week

In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20506 HIGH PATCH This Week

In onCreate of WifiDialogActivity.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20503 HIGH PATCH This Week

In onCreate of WifiDppConfiguratorActivity.java, there is a possible way for a guest user to add a WiFi configuration due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3157 HIGH This Week

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Compactlogix 5370 Firmware Compact Guardlogix 5370 Firmware Compact Guardlogix 5380 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-3166 HIGH This Week

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Micrologix 1100 Firmware Micrologix 1400 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2966 HIGH This Week

Out-of-bounds Read vulnerability in Delta Electronics DOPSoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Dopsoft
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-42527 HIGH This Week

In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy