Skip to main content
CVE-2022-24136 CRITICAL POC Act Now

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26546 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hospital Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-1191 HIGH POC PATCH This Week

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SSRF Live Helper Chat
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-27052 HIGH POC This Week

FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freeftpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27050 HIGH POC This Week

BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Bitcomet
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1176 HIGH POC PATCH This Week

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Live Helper Chat
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27966 MEDIUM POC This Month

Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Xshell
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-27965 MEDIUM POC This Month

Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Xlpd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-27964 MEDIUM POC This Month

Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Xmanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-27963 MEDIUM POC This Month

Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Xftp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-24796 CRITICAL PATCH Act Now

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection File Upload Raspberrymatic
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-24791 CRITICAL PATCH Act Now

Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Wasmtime
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-0350 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Vditor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24797 CRITICAL PATCH Act Now

Pomerium is an identity-aware access proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Pomerium
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-42868 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Patient Management Software
NVD VulDB
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-25915 HIGH PATCH This Week

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Wrc 1167Gst2 Firmware Wrc 1167Gst2A Firmware Wrc 1167Gst2H Firmware Wrc 2533Gs2 B Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-26019 HIGH PATCH This Week

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Pfsense Pfsense Plus
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-24299 HIGH PATCH This Week

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Pfsense Pfsense Plus
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-22986 HIGH This Week

Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Og410Xa Firmware Og410Xi Firmware Og810Xa Firmware Og810Xi Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-28128 HIGH This Week

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Attachecase
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-25348 HIGH This Week

Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Attachecase
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24798 HIGH PATCH This Week

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Internet Routing Registry Daemon
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24758 HIGH PATCH This Week

The Jupyter notebook is a web-based notebook environment for interactive computing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Notebook
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-22311 MEDIUM PATCH This Month

IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-23183 MEDIUM This Month

Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Custom Fields
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-24794 MEDIUM PATCH This Month

Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Google Open Redirect Express Openid Connect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27496 MEDIUM This Month

Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zero Channel Plus
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27049 LOW POC Monitor

Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Raidrive
NVD GitHub
CVSS 3.1
2.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy