Skip to main content
CVE-2022-4767 HIGH POC PATCH This Week

Denial of Service in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-4732 HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Microweber
NVD GitHub
CVSS 3.1
7.2
EPSS
38.2%
CVE-2022-4722 HIGH POC PATCH This Week

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Rdiffweb
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-46763 HIGH This Week

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SQLi Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-4772 HIGH PATCH This Week

A vulnerability was found in Widoco and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Widoco
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3156 HIGH This Week

A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Rockwell Studio 5000 Logix Emulate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3064 HIGH PATCH This Week

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Yaml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-2584 HIGH PATCH This Week

The dag-pb codec can panic when decoding invalid blocks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Go Codec Dagpb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45431 HIGH PATCH This Week

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dahua Dhi Dss7016D S2 Firmware Dhi Dss7016Dr S2 Firmware Dhi Dss4004 S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45429 HIGH PATCH This Week

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-45425 HIGH PATCH This Week

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-45423 HIGH PATCH This Week

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45427 HIGH PATCH This Week

Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Dahua File Upload Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy