Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2022-29153 Go HIGH POC PATCH This Week

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hashicorp HashiCorp Consul Fedora
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2022-27652 Go MEDIUM PATCH This Month

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker Cri O Fedora Moby +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-1381 HIGH POC PATCH This Week

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
3.1%
CVE-2022-1231 MEDIUM POC PATCH This Month

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Atlassian Plantuml Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-28048 HIGH POC PATCH This Week

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Stb Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28042 HIGH POC PATCH This Week

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure Stb Image H Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28041 MEDIUM POC PATCH This Month

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Stb Image H Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-1328 MEDIUM POC PATCH This Month

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Mutt Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2022-1304 HIGH This Week

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure E2Fsprogs Enterprise Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-24828 PHP HIGH PATCH This Week

Composer is a dependency manager for the PHP programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP RCE Composer Tenable Sc Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-24765 HIGH This Week

Git for Windows is a fork of Git containing Windows-specific patches. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git Fedora Xcode +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-24070 HIGH This Week

Subversion's mod_dav_svn is vulnerable to memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow Subversion Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
9.3%
CVE-2022-24836 Ruby HIGH PATCH This Week

Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nokogiri Fedora Debian Linux macOS
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-28805 CRITICAL POC PATCH Act Now

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Lua Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2022-28796 HIGH PATCH This Week

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure Linux Kernel Enterprise Linux +13
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-26361 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26360 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26359 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26358 HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow Xen Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26357 HIGH PATCH This Week

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-26356 MEDIUM PATCH This Month

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy. Rated medium severity (CVSS 5.6).

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2022-27651 Go MEDIUM PATCH This Month

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Buildah Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2022-27650 HIGH PATCH This Week

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Crun Fedora Openshift Container Platform +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-27649 Go HIGH PATCH This Week

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Podman Developer Tools Openshift Container Platform +11
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24801 PyPI HIGH PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling Twisted Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
2.8%
CVE-2022-24785 LIB HIGH PATCH This Week

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Path Traversal Moment Tenable Sc Active Iq +2
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2022-24191 MEDIUM POC This Month

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Htmldoc Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-28390 HIGH PATCH This Week

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28389 MEDIUM PATCH This Month

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28388 MEDIUM PATCH This Month

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-24790 Ruby HIGH PATCH This Week

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Puma Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-1160 HIGH POC PATCH This Week

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-1154 HIGH POC PATCH This Week

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-28202 MEDIUM PATCH This Month

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-1122 MEDIUM This Month

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openjpeg Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-1055 HIGH POC PATCH This Week

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. Rated high severity (CVSS 8.6). Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +11
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2022-26280 MEDIUM POC This Month

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libarchive Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-24303 PyPI CRITICAL PATCH Act Now

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.8%
CVE-2022-27943 MEDIUM POC This Month

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gcc Fedora
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-27942 HIGH POC This Week

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-27941 HIGH POC This Week

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-27940 HIGH POC This Week

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-27939 MEDIUM POC This Month

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-22995 CRITICAL Act Now

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE My Cloud Pr2100 Firmware My Cloud Pr4100 Firmware My Cloud Ex4100 Firmware My Cloud Ex2 Ultra Firmware +9
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27920 MEDIUM PATCH This Month

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Libkiwix Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0995 HIGH POC PATCH Act Now

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Linux Buffer Overflow Linux Kernel +12
NVD
CVSS 3.1
7.8
EPSS
6.2%
CVE-2022-0983 PHP HIGH PATCH This Week

An SQL injection risk was identified in Badges code relating to configuring criteria. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora Extra Packages For Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-0500 HIGH PATCH This Week

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Fedora H300E Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0435 HIGH POC PATCH THREAT This Week

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Codeready Linux Builder +28
NVD
CVSS 3.1
8.8
EPSS
68.0%
CVE-2022-0330 HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +35
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-0322 MEDIUM PATCH This Month

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Communications Cloud Native Core Binding Support Function +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-24778 Go HIGH POC PATCH This Week

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Imgcrypt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-27227 HIGH PATCH This Week

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authoritative Server Recursor Fedora
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2022-24769 Go MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Docker Moby Fedora Runc +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-0996 MEDIUM POC This Month

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 389 Directory Server Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-0396 MEDIUM PATCH This Month

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Fedora H300s Firmware H500s Firmware +7
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2022-27666 HIGH PATCH This Week

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Memory Corruption Buffer Overflow Linux Kernel Fedora +11
NVD GitHub
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-1011 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Authentication Bypass Linux Use After Free +30
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-0547 CRITICAL PATCH Act Now

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openvpn Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-27191 Go HIGH PATCH This Week

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Extra Packages For Enterprise Linux Fedora Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2022-24302 PyPI MEDIUM POC PATCH This Month

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Paramiko Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2022-24729 LIB HIGH PATCH This Week

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-24728 LIB MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-0778 Cargo HIGH POC PATCH CISA Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux Cloud Volumes Ontap Mediator Clustered Data Ontap +9
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
7.8%
Threat
5.2
CVE-2022-0943 HIGH POC PATCH This Week

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-20001 HIGH PATCH This Week

fish is a command line shell. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Fish Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-23943 CRITICAL PATCH Act Now

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.4 version 2.4.52 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Apache Buffer Overflow Http Server Fedora +2
NVD
CVSS 3.1
9.8
EPSS
50.4%
CVE-2022-22721 CRITICAL PATCH Act Now

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.4.52 and earlier. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apache Buffer Overflow Http Server Fedora +5
NVD
CVSS 3.1
9.1
EPSS
41.9%
CVE-2022-22720 CRITICAL PATCH Act Now

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Apache Request Smuggling Http Server Fedora +5
NVD
CVSS 3.1
9.8
EPSS
28.2%
CVE-2022-22719 HIGH PATCH This Week

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.4.52 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Http Server Debian Linux Fedora +3
NVD
CVSS 3.1
7.5
EPSS
69.8%
CVE-2022-26981 HIGH POC This Week

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Liblouis Fedora Ipados Iphone Os +3
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-25601 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Contact Form X Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-25600 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Wp Maps Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-0924 MEDIUM POC PATCH This Month

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0909 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Debian Linux Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0908 MEDIUM POC PATCH This Month

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-0907 MEDIUM POC This Month

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0860 PyPI CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Cobbler Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2022-0891 HIGH POC PATCH This Week

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Information Disclosure Libtiff Debian Linux +2
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2022-0865 MEDIUM POC This Month

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-0856 MEDIUM POC This Month

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libcaca Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2022-0725 HIGH This Week

A flaw was found in keepass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-0516 HIGH PATCH This Week

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0433 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0204 HIGH POC PATCH This Week

A heap overflow vulnerability was found in bluez in versions prior to 5.63. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Bluez Fedora Debian Linux
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-24919 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-24918 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Fedora
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2022-24917 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-24349 MEDIUM PATCH This Month

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Zabbix XSS Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-24512 NuGet MEDIUM PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Net Net Core Powershell +3
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
EPSS 9% CVSS 7.5
HIGH POC PATCH This Week

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hashicorp HashiCorp Consul +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker Cri O +3
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Atlassian +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Stb Fedora
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Stb Image H +2
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Mutt Debian Linux +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Composer is a dependency manager for the PHP programming language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP RCE Composer +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Git for Windows is a fork of Git containing Windows-specific patches. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git +3
NVD GitHub
EPSS 9% CVSS 7.5
HIGH This Week

Subversion's mod_dav_svn is vulnerable to memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow +4
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nokogiri Fedora +2
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL POC PATCH Act Now

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Lua +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure +15
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Amd Buffer Overflow +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Xen +2
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy. Rated medium severity (CVSS 5.6).

Information Disclosure Xen Debian Linux +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Buildah +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Crun +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Podman +13
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Python Request Smuggling +4
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Path Traversal Moment +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Htmldoc +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Puma +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openjpeg Fedora +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. Rated high severity (CVSS 8.6). Public exploit code available.

Privilege Escalation Memory Corruption Use After Free +13
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libarchive +1
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pillow Fedora
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gcc Fedora
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tcpreplay +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Fedora
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE My Cloud Pr2100 Firmware My Cloud Pr4100 Firmware +11
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Libkiwix Fedora
NVD GitHub
EPSS 6% CVSS 7.8
HIGH POC PATCH Act Now

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Linux +14
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An SQL injection risk was identified in Badges code relating to configuring criteria. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +9
NVD
EPSS 68% CVSS 8.8
HIGH POC PATCH THREAT This Week

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow +30
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +37
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +4
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Imgcrypt Fedora
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authoritative Server Recursor +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Docker Moby +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 389 Directory Server Fedora +1
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Fedora +9
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Memory Corruption Buffer Overflow +13
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Authentication Bypass +32
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openvpn Fedora +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SSH Extra Packages For Enterprise Linux +2
NVD
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Paramiko +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ckeditor Drupal +7
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal +7
NVD GitHub
EPSS 8% 5.2 CVSS 7.5
HIGH POC PATCH Act Now

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service OpenSSL Debian Linux +11
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

fish is a command line shell. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Fish Fedora +1
NVD GitHub
EPSS 50% CVSS 9.8
CRITICAL PATCH Act Now

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.4 version 2.4.52 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Apache Buffer Overflow +4
NVD
EPSS 42% CVSS 9.1
CRITICAL PATCH Act Now

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.4.52 and earlier. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Apache Buffer Overflow +7
NVD
EPSS 28% CVSS 9.8
CRITICAL PATCH Act Now

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Apache Request Smuggling +7
NVD
EPSS 70% CVSS 7.5
HIGH PATCH This Week

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.4.52 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apache Http Server +5
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Liblouis Fedora +5
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Contact Form X +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Wp Maps +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Debian Linux +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux +2
NVD
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Cobbler Fedora
NVD GitHub
EPSS 2% CVSS 7.1
HIGH POC PATCH This Week

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Information Disclosure +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux +2
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libcaca Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

A flaw was found in keepass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Keepass Extra Packages For Enterprise Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +22
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Linux Linux Kernel +1
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

A heap overflow vulnerability was found in bluez in versions prior to 5.63. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Bluez +2
NVD GitHub VulDB
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend +2
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend +1
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend +2
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Zabbix XSS Frontend +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Net +5
NVD VulDB
Prev Page 15 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy