Skip to main content
CVE-2022-4724 CRITICAL POC PATCH Act Now

Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-4719 CRITICAL POC PATCH Act Now

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-4767 HIGH POC PATCH This Week

Denial of Service in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-4732 HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
CVSS 3.1
7.2
EPSS
38.2%
CVE-2022-4722 HIGH POC PATCH This Week

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Rdiffweb
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-4723 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4720 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Rdiffweb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4768 CRITICAL PATCH Act Now

A vulnerability was found in Dropbox merou. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Merou
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46442 CRITICAL Act Now

dedecms <=V5.7.102 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-45963 CRITICAL Act Now

h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Secpath F5030 Firmware Secpath F5060 Firmware Secpath F5080 Firmware Secpath F5030 D Firmware +7
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45778 CRITICAL Act Now

https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sc 6000 Wv02 Firmware Sc 6000 Wv04 Firmware Sc 6000 Wv08 Firmware Sc 6000 Wv12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-4726 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Sanitization Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sanitization Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-4725 CRITICAL PATCH Act Now

A vulnerability was found in AWS SDK 2.59.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Java SSRF Google Aws Software Development Kit
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-4748 CRITICAL PATCH Act Now

A vulnerability was found in FlatPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Flatpress
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-46764 CRITICAL Act Now

A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Server
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-47968 MEDIUM POC This Month

Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Heimdall Application Dashboard
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4730 MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4729 MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4728 MEDIUM POC PATCH This Month

A vulnerability has been found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4721 MEDIUM POC PATCH This Month

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Rdiffweb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4695 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4694 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4691 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4733 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-46763 HIGH This Week

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-2582 MEDIUM POC PATCH This Month

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aws Software Development Kit
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-4734 MEDIUM POC PATCH This Month

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-4772 HIGH PATCH This Week

A vulnerability was found in Widoco and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Widoco
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3156 HIGH This Week

A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Rockwell Studio 5000 Logix Emulate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3064 HIGH PATCH This Week

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Yaml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-2584 HIGH PATCH This Week

The dag-pb codec can panic when decoding invalid blocks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Go Codec Dagpb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45431 HIGH PATCH This Week

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dahua Dhi Dss7016D S2 Firmware Dhi Dss7016Dr S2 Firmware Dhi Dss4004 S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45429 HIGH PATCH This Week

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-45425 HIGH PATCH This Week

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-45423 HIGH PATCH This Week

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45427 HIGH PATCH This Week

Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Dahua File Upload Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-45426 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unrestricted download of file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Information Disclosure Dahua Dss Express Dss Professional +3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4766 MEDIUM PATCH This Month

A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Dolibarr Project Timesheet
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4727 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java XSS Appointment Scheduling Module
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-4755 MEDIUM PATCH This Month

A vulnerability was found in FlatPress and classified as problematic.mediamanager.file.php of the component Media Manager Plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Flatpress
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45434 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Dahua Denial Of Service Dhi Dss7016D S2 Firmware Dhi Dss7016Dr S2 Firmware Dhi Dss4004 S2 Firmware +2
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-45432 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unauthenticated search for devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Dahua Dhi Dss7016D S2 Firmware Dhi Dss7016Dr S2 Firmware Dhi Dss4004 S2 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-45424 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-2583 LOW PATCH Monitor

A race condition can cause incorrect HTTP request routing. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Gobase
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2022-45433 LOW PATCH Monitor

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Dahua Dhi Dss7016D S2 Firmware Dhi Dss7016Dr S2 Firmware Dhi Dss4004 S2 Firmware +2
NVD
CVSS 3.1
3.7
EPSS
0.6%
CVE-2022-45430 LOW PATCH Monitor

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2022-45428 LOW PATCH Monitor

Some Dahua software products have a vulnerability of sensitive information leakage. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
2.7
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy