Skip to main content
CVE-2022-25096 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Owners Collection Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-25095 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Home Owners Collection Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-25359 CRITICAL POC THREAT Act Now

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Scadaflex Ii Firmware Weblib
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
37.3%
CVE-2022-25094 HIGH POC THREAT This Week

Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Home Owners Collection Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
23.3%
CVE-2022-26149 HIGH POC This Week

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Revolution
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
9.3%
CVE-2022-0764 MEDIUM POC PATCH This Month

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Strapi
NVD GitHub
CVSS 3.1
6.7
EPSS
0.8%
CVE-2022-21706 CRITICAL PATCH Act Now

Zulip is an open-source team collaboration tool with topic-based threading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Zulip Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-22908 MEDIUM POC This Month

SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vdi Client
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0723 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0763 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0762 MEDIUM POC PATCH This Month

Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Microweber
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-24986 HIGH This Week

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Race Condition Kcron
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23308 HIGH PATCH This Week

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Libxml2 Fedora +33
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2022-26146 MEDIUM This Month

Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qtest
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy