Skip to main content
CVE-2022-26301 CRITICAL POC Act Now

TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-26279 CRITICAL POC Act Now

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eyoucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26272 CRITICAL POC THREAT Act Now

A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
22.5%
CVE-2022-26249 CRITICAL POC Act Now

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Surveyking
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-27811 CRITICAL POC PATCH Act Now

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Ocrfeeder
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27083 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-27082 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27081 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27080 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27079 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27078 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27077 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-27076 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26536 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26290 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26289 CRITICAL POC Act Now

Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-26629 CRITICAL POC Act Now

An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Soroushplus
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-25568 HIGH POC PATCH This Week

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Motioneye
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2022-0153 HIGH POC PATCH This Week

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Fork Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1061 HIGH POC PATCH This Week

Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-21820 MEDIUM POC PATCH THREAT This Month

NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Nvidia Data Center Gpu Manager
NVD
CVSS 3.1
6.3
EPSS
16.5%
CVE-2022-25575 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Parking Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1058 MEDIUM POC PATCH THREAT This Month

Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Gitea Open Redirect
NVD GitHub
CVSS 3.1
6.1
EPSS
53.2%
CVE-2022-1052 MEDIUM POC PATCH This Month

Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0145 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Fork Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-22374 CRITICAL Act Now

The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Power 9 Ac922 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-0955 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Data Hub
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0551 HIGH This Week

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cmc Guardian
NVD
CVSS 4.0
8.6
EPSS
0.9%
CVE-2022-0550 HIGH This Week

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cmc Guardian
NVD
CVSS 4.0
8.6
EPSS
0.9%
CVE-2022-25576 MEDIUM POC This Month

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Anchor Cms
NVD GitHub
CVSS 3.1
4.5
EPSS
0.4%
CVE-2022-25571 HIGH This Week

Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Internet Access Detector
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-0315 HIGH PATCH This Week

Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Horovod
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-24781 HIGH PATCH This Week

Geon is a board game based on solving questions about the Pythagorean Theorem. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Session Fixation Information Disclosure Geon
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2022-24776 MEDIUM PATCH This Month

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Flask Appbuilder
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-24769 MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable and accelerate software containerization. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Docker Moby Fedora Runc +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-24782 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-27820 MEDIUM This Month

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Zed Attack Proxy
NVD GitHub
CVSS 3.1
4.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy