Skip to main content
CVE-2022-25893 CRITICAL POC PATCH Act Now

The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-24431 CRITICAL POC Act Now

All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Abacus Ext Cmdline
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-38065 HIGH POC This Week

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openstack
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36222 HIGH POC This Week

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Authentication Bypass Fastmile Firmware
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2022-25895 HIGH POC This Week

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lite Dev Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-36221 MEDIUM POC This Month

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nokia Fastmile Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40841 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46096 MEDIUM POC This Month

A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Covid 19 Directory On Vaccination System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46095 MEDIUM POC This Month

Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Covid 19 Directory On Vaccination System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4617 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3184 CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2022-3183 CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-4643 CRITICAL PATCH Act Now

A vulnerability was found in docconv up to 1.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Docconv
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-4639 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in sslh.c of the component Packet Dumping Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Sslh
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40145 CRITICAL PATCH Act Now

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Karaf
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-47635 CRITICAL Act Now

Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Wms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-38546 CRITICAL Act Now

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nbg7510 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-4640 MEDIUM POC This Month

A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mcms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-25929 MEDIUM POC PATCH This Month

The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Smoothie Charts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4630 MEDIUM POC PATCH This Month

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Daloradius
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-4633 HIGH PATCH This Week

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Auto Upload Images
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-4287 HIGH This Week

Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38060 HIGH PATCH This Week

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kolla
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-46334 HIGH This Week

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Protection
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-46330 HIGH PATCH This Week

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Squirrel Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46282 HIGH This Week

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Use After Free Denial Of Service Memory Corruption Cx Drive
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3186 HIGH PATCH This Week

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-47581 HIGH This Week

Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp M Vault
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42949 HIGH PATCH This Week

Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Subsites
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-46662 MEDIUM This Month

Roxio Creator LJB starts another program with an unquoted file path. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Roxio Creator Ljb
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-44756 MEDIUM This Month

Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bigfix Insights For Vulnerability Remediation
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-4638 MEDIUM PATCH This Month

A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Collective Contact Widget
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4637 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ep 3 Bookingsystem
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4632 MEDIUM PATCH This Month

A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Auto Upload Images
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4631 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in WP-Ban. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Wp Ban
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38655 MEDIUM This Month

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bigfix Webui
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2022-4641 MEDIUM PATCH This Month

A vulnerability was found in pig-vector and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Apache Information Disclosure Pig Vector
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-4642 MEDIUM PATCH This Month

A vulnerability was found in tatoeba2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Tatoeba2
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-43543 MEDIUM This Month

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Message
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3189 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3188 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3187 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3185 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-23551 MEDIUM PATCH This Month

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Microsoft Kubernetes Azure Ad Pod Identity
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-42454 MEDIUM This Month

Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bigfix Insights For Vulnerability Remediation
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-44449 MEDIUM This Month

Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zenphoto
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy