Skip to main content
CVE-2022-28397 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ghost
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-27260 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Buttercms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27262 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Skipper
NVD VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-27952 CRITICAL POC PATCH Act Now

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Payload
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-27263 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Strapi
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27140 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Express Fileupload
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-27139 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ghost
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-28036 CRITICAL POC Act Now

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28035 CRITICAL POC Act Now

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28034 CRITICAL POC Act Now

AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28033 CRITICAL POC Act Now

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2022-28032 CRITICAL POC Act Now

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Atomcms
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
CVE-2022-27473 CRITICAL POC Act Now

SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27472 CRITICAL POC Act Now

SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27165 CRITICAL POC Act Now

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Csz Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27164 CRITICAL POC Act Now

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Csz Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27163 CRITICAL POC Act Now

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Csz Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27162 CRITICAL POC Act Now

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Csz Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27161 CRITICAL POC Act Now

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Csz Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-0142 CRITICAL POC Act Now

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Visual Form Builder
NVD WPScan
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-29080 CRITICAL POC Act Now

The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Node.js Npm Dependency Versions
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24842 HIGH POC PATCH This Week

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-28213 HIGH POC THREAT This Week

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
12.5%
CVE-2022-27418 HIGH POC This Week

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-27416 HIGH POC This Week

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tcpreplay
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-27387 HIGH POC This Week

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-27386 HIGH POC This Week

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27385 HIGH POC This Week

An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-27384 HIGH POC This Week

An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27383 HIGH POC This Week

MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-27382 HIGH POC This Week

MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27381 HIGH POC This Week

An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27380 HIGH POC This Week

An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27379 HIGH POC This Week

An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27378 HIGH POC This Week

An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-27377 HIGH POC This Week

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-27376 HIGH POC This Week

MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27261 HIGH POC This Week

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Express Fileupload
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-21803 HIGH POC PATCH This Week

This affects the package nconf before 0.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Nconf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-24248 MEDIUM POC THREAT This Month

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Ritecms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
21.0%
CVE-2022-24247 MEDIUM POC This Month

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Ritecms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
3.9%
CVE-2022-0878 MEDIUM POC This Month

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Combined Charging System Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-22561 CRITICAL PATCH Act Now

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-25752 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-23450 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Simatic Energy Manager Basic Simatic Energy Manager Pro
NVD
CVSS 3.1
9.8
EPSS
35.8%
CVE-2022-28347 CRITICAL PATCH Act Now

A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28346 CRITICAL PATCH Act Now

An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Python Django Debian Linux
NVD
CVSS 3.1
9.8
EPSS
18.5%
CVE-2022-0436 MEDIUM POC PATCH This Month

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Grunt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-27419 MEDIUM POC This Month

rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Rtl 433
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-1330 MEDIUM POC PATCH This Month

stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Fullpage
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy