Skip to main content
CVE-2022-25148 CRITICAL POC PATCH THREAT Act Now

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
80.9%
CVE-2022-25004 CRITICAL POC Act Now

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25003 CRITICAL POC Act Now

Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/view_doctor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25809 CRITICAL POC Act Now

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Echo Dot Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-25418 CRITICAL POC Act Now

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25417 CRITICAL POC Act Now

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25414 CRITICAL POC THREAT Act Now

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2022-25403 CRITICAL POC Act Now

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25084 CRITICAL POC THREAT Act Now

TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.8%
CVE-2022-25083 CRITICAL POC Act Now

TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A860R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25082 CRITICAL POC THREAT Act Now

TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A950rg Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.7%
CVE-2022-25081 CRITICAL POC Act Now

TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T10 V2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25080 CRITICAL POC Act Now

TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A830R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25079 CRITICAL POC Act Now

TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25078 CRITICAL POC Act Now

TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25077 CRITICAL POC THREAT Act Now

TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3100R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
32.6%
CVE-2022-25076 CRITICAL POC Act Now

TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A800R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-25075 CRITICAL POC THREAT Act Now

TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3000Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
56.2%
CVE-2022-25074 CRITICAL POC THREAT Act Now

TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE TP-Link Buffer Overflow Tl Wr902Ac Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.0%
CVE-2022-25073 CRITICAL POC THREAT Act Now

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Tl Wr841n Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.0%
CVE-2022-25072 CRITICAL POC THREAT Act Now

TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE TP-Link Buffer Overflow Archer A54 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.0%
CVE-2022-25330 CRITICAL POC PATCH Act Now

Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Trend Micro Serverprotect Serverprotect For Network Appliance Filer +1
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-25402 CRITICAL POC Act Now

An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hospital Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-24707 HIGH POC PATCH This Week

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Time Tracker
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.2%
CVE-2022-24232 HIGH POC This Week

A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-25636 HIGH POC PATCH This Week

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Buffer Overflow Linux Kernel Debian Linux +11
NVD GitHub
CVSS 3.1
7.8
EPSS
2.6%
CVE-2022-25101 HIGH POC This Week

A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wbce Cms
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25099 HIGH POC This Week

A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wbce Cms
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25149 HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.1
7.5
EPSS
78.0%
CVE-2022-0651 HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.1
7.5
EPSS
33.0%
CVE-2022-25401 HIGH POC This Week

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-25104 HIGH POC This Week

HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Horizontcms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25331 HIGH POC PATCH This Week

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Trend Micro Serverprotect Serverprotect For Network Appliance Filer Serverprotect For Storage
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2022-23043 HIGH POC PATCH This Week

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Zenario
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-24599 MEDIUM POC This Month

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Audiofile Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-25307 MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-25306 MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-25305 MEDIUM POC PATCH THREAT This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
78.9%
CVE-2022-0653 MEDIUM POC PATCH This Month

The Profile Builder - User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Profile Builder
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2022-22794 CRITICAL Act Now

Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE SQLi Pineapp Mail Secure
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25643 CRITICAL Act Now

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Seatd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-25406 CRITICAL Act Now

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Tongda2000
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25405 CRITICAL Act Now

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in change_box.php via the DELETE_STR parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Tongda2000
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25404 CRITICAL Act Now

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETE_STR parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Tongda2000
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-21142 CRITICAL Act Now

Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A Blog Cms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-25329 CRITICAL PATCH Act Now

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Trend Micro Serverprotect Serverprotect For Network Appliance Filer Serverprotect For Storage
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-24614 MEDIUM POC PATCH This Month

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Metadata Extractor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-24613 MEDIUM POC PATCH This Month

metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Metadata Extractor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-0695 MEDIUM POC PATCH This Month

Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Radare2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-24620 MEDIUM POC This Month

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Piwigo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy