Skip to main content
CVE-2022-27925 HIGH POC KEV THREAT Act Now

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zimbra Collaboration Suite
NVD
CVSS 3.1
7.2
EPSS
98.6%
CVE-2022-28440 HIGH POC This Week

An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Ucms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28020 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28019 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28018 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28017 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtime_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28016 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\deduction_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28015 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28014 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28013 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_employee_edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28012 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\position_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28011 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\schedule_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28010 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\overtime_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28009 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28008 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendance_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28007 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\cashadvance_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-28006 HIGH POC This Week

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\employee_delete.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Attendance And Payroll System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-27478 HIGH POC THREAT This Week

Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Victor Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
20.0%
CVE-2022-29566 HIGH POC This Week

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Bulletproofs
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-28444 HIGH POC This Week

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ucms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27924 HIGH POC KEV THREAT This Week

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zimbra Collaboration Suite
NVD
CVSS 3.1
7.5
EPSS
85.4%
CVE-2022-20786 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-26856 HIGH This Week

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20732 HIGH This Week

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Virtualized Infrastructure Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20773 HIGH This Week

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Umbrella Virtual Appliance
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28366 HIGH PATCH This Week

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cyberneko Html Htmlunit Antisamy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-24424 HIGH This Week

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Path Traversal Emc Appsync
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-24423 HIGH PATCH This Week

Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dell Integrated Dell Remote Access Controller 8 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-20795 HIGH This Week

A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-20783 HIGH This Week

A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-24875 HIGH PATCH This Week

The CVEProject/cve-services is an open source project used to operate the CVE services api. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cve Services
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-24867 HIGH PATCH This Week

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29498 HIGH PATCH This Week

Blazer before 2.6.0 allows SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Blazer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29547 HIGH This Week

The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Createredirect
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy