Skip to main content
CVE-2022-0888 CRITICAL POC Act Now

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE WordPress File Upload Ninja Forms File Uploads
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
9.3%
CVE-2021-45756 CRITICAL POC Act Now

Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Rt Ac68U Firmware Rt Ac5300 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-24934 CRITICAL POC THREAT Act Now

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
9.8
EPSS
20.5%
CVE-2022-23881 CRITICAL POC THREAT Act Now

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zzzphp
NVD GitHub
CVSS 3.1
9.8
EPSS
56.5%
CVE-2022-23880 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Taocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25222 CRITICAL POC Act Now

Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in 'admin/maintenance/manage_branch.php' and 'admin/maintenance/manage_fee.php' via the 'id'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Money Transfer Management System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-0981 HIGH POC This Week

A flaw was found in Quarkus. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Quarkus
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-45757 HIGH POC This Week

ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Rt Ac68U Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-22819 HIGH POC This Week

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Lpc55S66Jbd64 Firmware Lpc55S66Jbd100 Firmware Lpc55S66Jev98 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-1033 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload Crater
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-26243 HIGH POC This Week

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac10 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-24293 CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-24292 CRITICAL Act Now

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
9.8
EPSS
7.0%
CVE-2022-0996 MEDIUM POC This Month

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 389 Directory Server Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-0750 MEDIUM POC This Month

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Photoswipe Masonry Gallery
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-25221 MEDIUM POC This Month

Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visit the link in order to execute JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Money Transfer Management System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0854 MEDIUM POC This Month

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-27254 MEDIUM POC This Month

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Civic 2018 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-22952 CRITICAL PATCH Act Now

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

VMware Microsoft File Upload Carbon Black App Control
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-22951 CRITICAL PATCH Act Now

VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

VMware RCE Command Injection Carbon Black App Control
NVD
CVSS 3.1
9.1
EPSS
21.9%
CVE-2022-25268 HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Passwork
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-25267 HIGH This Week

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-24768 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-1030 HIGH This Week

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Apple Advanced Server Access
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-24291 HIGH This Week

Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE HP Denial Of Service Laserjet Pro M453 M454 W1Y40A Firmware +67
NVD VulDB
CVSS 3.1
7.5
EPSS
4.4%
CVE-2022-25223 MEDIUM POC This Month

Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Money Transfer Management System
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-46064 HIGH This Week

IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Irfanview
NVD VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-27666 HIGH PATCH This Week

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Memory Corruption Buffer Overflow Linux Kernel Fedora +11
NVD GitHub
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-0889 HIGH This Week

The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS WordPress Ninja Forms File Uploads
NVD VulDB
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-27192 HIGH This Week

The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dvs Avilys
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-24757 HIGH PATCH This Week

The Jupyter Server provides the backend (i.e. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyter Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-0635 HIGH This Week

Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind H300s Firmware H500s Firmware H700s Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0834 HIGH This Week

The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS WordPress Amelia
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2022-0859 MEDIUM This Month

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-24730 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22316 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25269 MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Passwork
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-0857 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-25609 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in Yoo Slider - Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Yoo Slider
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25608 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in Yoo Slider - Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yoo Slider
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-0862 MEDIUM This Month

A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-0396 MEDIUM PATCH This Month

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Fedora H300s Firmware H500s Firmware +7
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2022-24731 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-0842 MEDIUM This Month

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-0858 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2022-25266 MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-25041 MEDIUM This Month

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-23242 MEDIUM PATCH This Month

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Denial Of Service Teamviewer
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2022-0861 LOW Monitor

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Epolicy Orchestrator
NVD
CVSS 3.1
3.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy