Skip to main content
CVE-2022-37706 HIGH POC PATCH Act Now

enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Enlightenment
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-40005 HIGH POC THREAT This Week

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wifiber 120Ac Inmesh Firmware
NVD
CVSS 3.1
8.8
EPSS
34.8%
CVE-2022-42898 HIGH POC PATCH This Week

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow RCE Denial Of Service Buffer Overflow Kerberos 5 +2
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2022-45893 HIGH POC This Week

Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Planet Estream
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-44017 HIGH POC This Week

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation Lieferantenmanager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44016 HIGH POC This Week

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lieferantenmanager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-42953 HIGH POC This Week

Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zmm200 Firmware Zmm210 Firmware Zmm220 Firmware Zem720 Firmware +6
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
4.8%
CVE-2022-45889 HIGH POC This Week

Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Planet Estream
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-41318 HIGH PATCH This Week

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Squid
NVD GitHub
CVSS 3.1
8.6
EPSS
2.8%
CVE-2022-45197 HIGH PATCH This Week

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Slixmpp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy