Skip to main content
CVE-2022-0824 HIGH POC PATCH THREAT Act Now

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Webmin
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
97.0%
CVE-2022-26171 CRITICAL POC Act Now

Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bank Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26170 CRITICAL POC Act Now

Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Mobile Comparison Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26169 CRITICAL POC Act Now

Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Air Cargo Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-25399 CRITICAL POC Act Now

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Real Estate Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25398 CRITICAL POC Act Now

Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Auto Spare Parts Management
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25396 CRITICAL POC Act Now

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25394 CRITICAL POC Act Now

Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Medical Store Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-25045 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-23878 CRITICAL POC Act Now

seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Seacms
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-25016 CRITICAL POC Act Now

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Home Owners Collection Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25395 CRITICAL POC Act Now

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2022-0819 HIGH POC PATCH THREAT This Week

Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
43.6%
CVE-2022-0829 HIGH POC PATCH This Week

Improper Authorization in GitHub repository webmin/webmin prior to 1.990. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Webmin
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-25115 HIGH POC This Week

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Home Owners Collection Management System
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-25393 HIGH POC This Week

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Bakery Shop Management
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-0577 MEDIUM POC PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Scrapy Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-25114 MEDIUM POC This Month

Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Event Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-23395 MEDIUM POC This Month

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution XSS Jquery Cookie
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-0675 CRITICAL Act Now

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Firewall
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23640 CRITICAL PATCH Act Now

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Apache XXE Excel Streaming Reader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-24306 CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Zoho Manageengine Sharepoint Manager Plus
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24305 CRITICAL Act Now

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Microsoft Information Disclosure Manageengine Sharepoint Manager Plus
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-23779 MEDIUM POC THREAT This Month

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.1
5.3
EPSS
15.1%
CVE-2021-38266 HIGH PATCH This Week

The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Liferay Portal Digital Experience Platform
NVD VulDB
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-22301 HIGH PATCH This Week

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Fortiap C
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0711 HIGH PATCH This Week

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Haproxy Openshift Container Platform Software Collections Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
16.6%
CVE-2022-25634 HIGH PATCH This Week

Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Qt
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-38268 MEDIUM PATCH This Month

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3658 MEDIUM PATCH This Month

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Bluez Fedora
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-24447 MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24722 MEDIUM PATCH This Month

VIewComponent is a framework for building view components in Ruby on Rails. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Viewcomponent
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-23958 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23957 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23955 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23954 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23956 MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23953 MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-22350 MEDIUM This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22303 MEDIUM PATCH This Month

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Fortinet Information Disclosure Fortimanager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25051 MEDIUM PATCH This Month

An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Rtl 433
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-25050 MEDIUM PATCH This Month

rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Memory Corruption Buffer Overflow Rlt 433
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-23656 MEDIUM PATCH This Month

Zulip is an open source team chat app. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zulip Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-22944 MEDIUM PATCH This Month

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

VMware XSS Workspace One Boxer
NVD
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy