Skip to main content
CVE-2022-3805 HIGH POC THREAT Act Now

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.

WordPress Authentication Bypass Jeg Elementor Kit Elementor
NVD VulDB
CVSS 3.1
8.6
EPSS
11.1%
CVE-2022-34484 HIGH POC This Week

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE Use After Free Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-28281 HIGH POC This Week

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-26485 HIGH POC KEV THREAT This Week

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Use After Free Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
14.3%
CVE-2022-26381 HIGH POC This Week

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-22756 HIGH POC This Week

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mozilla Code Injection Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22740 HIGH POC This Week

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-22738 HIGH POC This Week

Applying a CSS filter effect could have accessed out of bounds memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46101 HIGH POC This Week

AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Code Injection Ayacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-43602 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-43601 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-43600 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-43599 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2022-43598 HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-43597 HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-41981 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-41999 HIGH POC This Week

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-41988 HIGH POC This Week

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26387 HIGH POC This Week

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22737 HIGH POC This Week

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Microsoft Mozilla Firefox +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23556 HIGH POC PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-22753 HIGH POC This Week

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-22736 HIGH POC This Week

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Mozilla Firefox
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-46885 HIGH This Week

Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-46883 HIGH This Week

Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 106. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-46881 HIGH This Week

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-46879 HIGH This Week

Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-46878 HIGH This Week

Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-46874 HIGH This Week

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Code Injection Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-46873 HIGH This Week

Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Mozilla Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-46871 HIGH This Week

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-45421 HIGH This Week

Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-45412 HIGH This Week

When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Mozilla Microsoft Information Disclosure +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-45409 HIGH This Week

The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42932 HIGH This Week

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-42928 HIGH This Week

Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Mozilla Denial Of Service Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-40962 HIGH This Week

Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-38478 HIGH This Week

Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38477 HIGH This Week

Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38473 HIGH This Week

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34483 HIGH This Week

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34482 HIGH This Week

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla File Upload Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34481 HIGH This Week

In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-34480 HIGH This Week

Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-34468 HIGH This Week

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-31741 HIGH This Week

A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-31740 HIGH This Week

On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-31739 HIGH This Week

When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2505 HIGH This Week

Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Mozilla Buffer Overflow Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-2200 HIGH This Week

If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Prototype Pollution Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
23.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy