Skip to main content
CVE-2022-46403 HIGH POC This Week

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +5
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-43289 HIGH POC This Week

Deark v.1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette() function at /modules/atari-img.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Deark
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46399 HIGH POC This Week

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45041 HIGH POC This Week

SQL Injection exits in xinhu < 2.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xinhu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-4106 HIGH POC This Week

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Wholesale Market For Woocommerce
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-4061 HIGH POC This Week

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Jobboardwp
NVD WPScan
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-3875 HIGH POC This Week

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Passwordstate
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-43443 HIGH This Week

OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wsr 3200Ax4S Firmware Wsr 3200Ax4B Firmware Wsr 2533Dhp2 Firmware Wsr A2533Dhp2 Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42947 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Maya
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42945 HIGH This Week

DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dwg Trueview
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-44755 HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Notes
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-44754 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44753 HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Notes
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44752 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44751 HIGH This Week

HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Notes
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44750 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38659 HIGH This Week

In specific scenarios, on Windows the operator credentials may be encrypted in a manner that is not completely machine-dependent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Bigfix Platform
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-3752 HIGH This Week

An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Compactlogix 5480 Firmware Compactlogix 5580 Firmware Guardlogix 5580 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-43883 HIGH PATCH This Week

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Cognos Analytics
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-32749 HIGH This Week

Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions.0.0 through 9.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-41418 HIGH PATCH This Week

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal RCE Blogengine Net
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-3775 HIGH This Week

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Grub2 Enterprise Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-42946 HIGH This Week

Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Maya
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy