Skip to main content
CVE-2022-3805 HIGH POC THREAT Act Now

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.

WordPress Authentication Bypass Jeg Elementor Kit Elementor
NVD VulDB
CVSS 3.1
8.6
EPSS
11.1%
CVE-2022-46493 CRITICAL POC Act Now

Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nbnbk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41838 CRITICAL POC Act Now

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41837 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41794 CRITICAL POC Act Now

A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-41639 CRITICAL POC Act Now

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38143 CRITICAL POC Act Now

A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Openimageio
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-29917 CRITICAL POC Act Now

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-47926 CRITICAL POC Act Now

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-46102 CRITICAL POC Act Now

AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45966 CRITICAL POC Act Now

here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Classcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-26486 CRITICAL POC KEV THREAT Act Now

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Use After Free Memory Corruption +3
NVD
CVSS 3.1
9.6
EPSS
2.3%
CVE-2022-26384 CRITICAL POC Act Now

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
9.6
EPSS
0.9%
CVE-2022-41649 CRITICAL POC Act Now

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2022-34484 HIGH POC This Week

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE Use After Free Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-28281 HIGH POC This Week

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-26485 HIGH POC KEV THREAT This Week

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Use After Free Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
14.3%
CVE-2022-26381 HIGH POC This Week

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-22756 HIGH POC This Week

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mozilla Code Injection Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22740 HIGH POC This Week

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-22738 HIGH POC This Week

Applying a CSS filter effect could have accessed out of bounds memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46101 HIGH POC This Week

AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Ayacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-43602 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-43601 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-43600 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-43599 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2022-43598 HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-43597 HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-41981 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-41999 HIGH POC This Week

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-41988 HIGH POC This Week

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26387 HIGH POC This Week

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22737 HIGH POC This Week

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Microsoft Mozilla Firefox +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23556 HIGH POC PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-22753 HIGH POC This Week

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-22736 HIGH POC This Week

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Mozilla Firefox
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-46491 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Nbnbk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-29916 MEDIUM POC This Month

Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-28287 MEDIUM POC This Month

In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-28285 MEDIUM POC This Month

When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-28283 MEDIUM POC This Month

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28282 MEDIUM POC This Month

By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2022-26386 MEDIUM POC This Month

Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mozilla Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26385 MEDIUM POC This Month

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-22750 MEDIUM POC This Month

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-22748 MEDIUM POC This Month

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-22739 MEDIUM POC This Month

Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1196 MEDIUM POC This Month

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1097 MEDIUM POC This Month

<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29912 MEDIUM POC This Month

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.1
EPSS
0.6%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy