Skip to main content
CVE-2022-26285 CRITICAL POC Act Now

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-26284 CRITICAL POC Act Now

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Client Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26283 CRITICAL POC Act Now

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Subscription Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-26174 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Beekeeper Studio
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-26148 CRITICAL POC THREAT Act Now

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zabbix PHP Grafana Information Disclosure Ceph Storage +1
NVD
CVSS 3.1
9.8
EPSS
53.4%
CVE-2022-0760 CRITICAL POC PATCH THREAT Act Now

The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Simple Link Directory
NVD WPScan
CVSS 3.1
9.8
EPSS
10.8%
CVE-2022-0747 CRITICAL POC PATCH THREAT Act Now

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Infographic Maker
NVD WPScan
CVSS 3.1
9.8
EPSS
15.3%
CVE-2022-0739 CRITICAL POC PATCH THREAT Act Now

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Bookingpress
NVD WPScan
CVSS 3.1
9.8
EPSS
37.2%
CVE-2022-0694 CRITICAL POC PATCH Act Now

The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Advanced Booking Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-25505 CRITICAL POC Act Now

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Taocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-0591 CRITICAL POC THREAT Act Now

The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Formcraft3
NVD WPScan
CVSS 3.1
9.1
EPSS
20.2%
CVE-2022-26960 CRITICAL POC PATCH THREAT Act Now

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Path Traversal Elfinder
NVD GitHub
CVSS 3.1
9.1
EPSS
51.0%
CVE-2022-26184 CRITICAL PATCH Act Now

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Poetry
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-24766 CRITICAL PATCH Act Now

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Mitmproxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy