Skip to main content
CVE-2022-38065 HIGH POC This Week

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openstack
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36222 HIGH POC This Week

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nokia Authentication Bypass Fastmile Firmware
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2022-25895 HIGH POC This Week

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lite Dev Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-4633 HIGH PATCH This Week

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Auto Upload Images
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-4287 HIGH This Week

Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows malicious user to access the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38060 HIGH PATCH This Week

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kolla
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-46334 HIGH This Week

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Protection
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-46330 HIGH PATCH This Week

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Squirrel Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46282 HIGH This Week

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Use After Free Denial Of Service Memory Corruption Cx Drive
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3186 HIGH PATCH This Week

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-47581 HIGH This Week

Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp M Vault
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42949 HIGH PATCH This Week

Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Subsites
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy