Skip to main content
CVE-2022-23347 HIGH POC THREAT Act Now

BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.1%.

Path Traversal Bigant Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
13.1%
CVE-2022-26285 CRITICAL POC Act Now

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-26284 CRITICAL POC Act Now

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26283 CRITICAL POC Act Now

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Subscription Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-26174 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Beekeeper Studio
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-26148 CRITICAL POC THREAT Act Now

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix PHP Grafana Information Disclosure Ceph Storage +1
NVD
CVSS 3.1
9.8
EPSS
53.4%
CVE-2022-0760 CRITICAL POC PATCH THREAT Act Now

The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Simple Link Directory
NVD WPScan
CVSS 3.1
9.8
EPSS
10.8%
CVE-2022-0747 CRITICAL POC PATCH THREAT Act Now

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Infographic Maker
NVD WPScan
CVSS 3.1
9.8
EPSS
15.3%
CVE-2022-0739 CRITICAL POC PATCH THREAT Act Now

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Bookingpress
NVD WPScan
CVSS 3.1
9.8
EPSS
37.2%
CVE-2022-0694 CRITICAL POC PATCH Act Now

The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Advanced Booking Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-25505 CRITICAL POC Act Now

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Taocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-23346 HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bigant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-0591 CRITICAL POC THREAT Act Now

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Formcraft3
NVD WPScan
CVSS 3.1
9.1
EPSS
20.2%
CVE-2022-26960 CRITICAL POC PATCH THREAT Act Now

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Path Traversal Elfinder
NVD GitHub
CVSS 3.1
9.1
EPSS
51.0%
CVE-2022-23349 HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bigant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-26183 HIGH POC PATCH This Week

PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Pnpm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-0687 HIGH POC This Week

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Amelia
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-25766 HIGH POC PATCH THREAT This Week

The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ungit
NVD GitHub
CVSS 3.1
8.8
EPSS
33.9%
CVE-2022-24237 HIGH POC THREAT This Week

The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aria
NVD
CVSS 3.1
8.8
EPSS
25.3%
CVE-2022-24235 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Aria
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-0415 HIGH POC PATCH THREAT This Week

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Gogs
NVD GitHub
CVSS 3.1
8.8
EPSS
65.2%
CVE-2022-27607 HIGH POC This Week

Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-0229 HIGH POC This Week

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Google Authenticator
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-23352 HIGH POC This Week

An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bigant Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-23345 HIGH POC This Week

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bigant Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-27333 HIGH POC This Week

idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Idccms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-25481 HIGH POC This Week

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Thinkphp
NVD GitHub
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-0681 MEDIUM POC This Month

The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple Membership
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0514 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Crater
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25570 MEDIUM POC This Month

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Passwordstate
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-0640 MEDIUM POC This Month

The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Pricing Table Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0628 MEDIUM POC This Month

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ap Mega Menu
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0627 MEDIUM POC This Month

The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Amelia
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24656 MEDIUM POC This Month

HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hexoeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-23348 MEDIUM POC This Month

BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bigant Server
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
3.4%
CVE-2022-26184 CRITICAL PATCH Act Now

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Poetry
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-24766 CRITICAL PATCH Act Now

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Mitmproxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-23350 MEDIUM POC This Month

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bigant Server
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1035 MEDIUM POC PATCH This Month

Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-27090 MEDIUM POC This Month

Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cscms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-0423 MEDIUM POC This Month

The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress 3d Flipbook
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0364 MEDIUM POC THREAT This Month

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
69.6%
CVE-2022-0590 MEDIUM POC This Month

The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bulletproof Security
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-22394 HIGH PATCH This Week

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Spectrum Protect
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-0616 MEDIUM POC This Month

The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Amelia
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0515 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Crater
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-24775 HIGH PATCH This Week

guzzlehttp/psr7 is a PSR-7 HTTP message library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Drupal Psr 7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-24236 LOW POC Monitor

An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aria
NVD
CVSS 3.1
3.5
EPSS
0.5%
CVE-2022-0475 MEDIUM This Month

Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-26494 MEDIUM This Month

An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Signserver
NVD
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy