Skip to main content
CVE-2022-28001 CRITICAL POC Act Now

Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Movie Seat Reservation
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-27357 CRITICAL POC Act Now

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Ecommerce Website
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27351 CRITICAL POC Act Now

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Zoo Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-28805 CRITICAL POC PATCH Act Now

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Lua Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-41715 HIGH POC This Week

libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-40656 HIGH POC This Week

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-27044 HIGH POC This Week

libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-27046 HIGH POC This Week

libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Libsixel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-26180 HIGH POC This Week

qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Qdpm
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.8%
CVE-2022-28000 HIGH POC This Week

Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-27992 HIGH POC This Week

Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoo Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-27352 HIGH POC This Week

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Simple House Rental System
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-27346 HIGH POC This Week

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Ecommerce Website
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-27064 HIGH POC This Week

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Musical World
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24821 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-28002 HIGH POC This Week

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Movie Seat Reservation
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-1219 HIGH POC PATCH This Week

SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Pimcore
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27349 HIGH POC This Week

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Social Codia Sms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-27061 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Aerocms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2022-26588 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Icehrm
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-27991 MEDIUM POC This Month

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-24229 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Document Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-27063 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-26624 MEDIUM POC This Month

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-26854 CRITICAL Act Now

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-26852 CRITICAL Act Now

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27047 CRITICAL Act Now

mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mogu Blog Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1284 MEDIUM POC PATCH This Month

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-1283 MEDIUM POC PATCH This Month

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-27148 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-27147 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-27146 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-27145 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-24820 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-24819 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%
CVE-2022-26851 CRITICAL Act Now

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-24428 HIGH This Week

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-27348 MEDIUM POC This Month

Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Social Codia Sms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-27062 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-22339 HIGH PATCH This Week

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF IBM Planning Analytics
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2022-28796 HIGH PATCH This Week

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. Rated high severity (CVSS 7.0).

Race Condition Linux Information Disclosure Linux Kernel Enterprise Linux +13
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-27152 MEDIUM This Month

Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Roku Os
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-26855 MEDIUM This Month

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22563 MEDIUM This Month

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy