Skip to main content
CVE-2022-28007 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28006 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-27478 HIGH POC THREAT This Week

Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Victor Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
20.0%
CVE-2022-29566 HIGH POC This Week

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Bulletproofs
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-28444 HIGH POC This Week

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ucms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27924 HIGH POC KEV THREAT This Week

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zimbra Collaboration Suite
NVD
CVSS 3.1
7.5
EPSS
85.4%
CVE-2022-28445 MEDIUM POC This Month

KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Kitecms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-29548 MEDIUM POC THREAT This Month

A reflected XSS issue exists in the Management Console of several WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
41.1%
CVE-2022-27926 MEDIUM POC KEV THREAT This Month

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
6.1
EPSS
17.6%
CVE-2022-28434 CRITICAL Act Now

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=edit&sid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Baby Care System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1420 MEDIUM POC PATCH This Month

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Vim Fedora macOS
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-24870 MEDIUM POC PATCH This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Itop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-1022 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Chatwoot
NVD GitHub
CVSS 3.1
5.4
EPSS
4.4%
CVE-2022-28443 CRITICAL Act Now

UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ucms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-20786 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-26856 HIGH This Week

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20732 HIGH This Week

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Virtualized Infrastructure Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20773 HIGH This Week

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Umbrella Virtual Appliance
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28366 HIGH PATCH This Week

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cyberneko Html Htmlunit Antisamy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-24424 HIGH This Week

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Path Traversal Emc Appsync
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-24423 HIGH PATCH This Week

Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Integrated Dell Remote Access Controller 8 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-20795 HIGH This Week

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-20783 HIGH This Week

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24875 HIGH PATCH This Week

The CVEProject/cve-services is an open source project used to operate the CVE services api. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cve Services
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-24867 HIGH PATCH This Week

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29498 HIGH PATCH This Week

Blazer before 2.6.0 allows SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Blazer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29547 HIGH This Week

The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Createredirect
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-20787 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco CSRF Unified Communications Manager
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-28743 MEDIUM This Month

Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE R2C Application Firmware R2C System Firmware
NVD
CVSS 3.1
6.6
EPSS
1.1%
CVE-2022-22969 MEDIUM PATCH This Month

<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Information Disclosure Spring Security Oauth Communications Design Studio
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-20804 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20790 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-20789 MEDIUM This Month

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-24272 MEDIUM PATCH This Month

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29577 MEDIUM PATCH This Month

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy Enterprise Manager Base Platform Weblogic Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-28367 MEDIUM PATCH This Month

OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-28820 MEDIUM PATCH This Month

ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in /apps/acs-commons/content/page-compare.html endpoint via the a and b GET parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acs Aem Commons
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-20788 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Communications Manager Unity Connection
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-20778 MEDIUM This Month

A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-27237 MEDIUM PATCH This Month

There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with several NI products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Flexlogger G Web Development Software Labview Static Test Software Suite +1
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-22558 MEDIUM This Month

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Dell Buffer Overflow R6415 Firmware R7415 Firmware +18
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-24869 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-24868 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-22436 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22435 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-23711 MEDIUM This Month

A vulnerability in Kibana could expose sensitive information related to Elastic Stack monitoring in the Kibana page source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-20805 MEDIUM This Month

A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Umbrella Secure Web Gateway
NVD
CVSS 3.1
4.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy