Skip to main content
CVE-2022-24706 CRITICAL POC KEV PATCH THREAT Act Now

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Information Disclosure Couchdb
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.5%
CVE-2022-29806 CRITICAL POC PATCH THREAT Act Now

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Zoneminder
NVD GitHub
CVSS 3.1
9.8
EPSS
67.1%
CVE-2022-27985 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cuppacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-27984 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft PHP Cuppacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-28521 CRITICAL POC Act Now

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-24881 CRITICAL POC PATCH Act Now

Ballcat Codegen provides the function of online editing code to generate templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Codegen
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-27469 CRITICAL POC Act Now

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Monsta Ftp
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-27468 CRITICAL POC Act Now

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Monsta Ftp
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-27299 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28528 HIGH POC This Week

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Bloofoxcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-28918 HIGH POC This Week

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Greencms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-28527 HIGH POC This Week

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dhcms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-28523 HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-28059 HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-28058 HIGH POC This Week

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Verydows
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-24882 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-1466 MEDIUM POC PATCH This Month

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Keycloak Single Sign On
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-26564 MEDIUM POC This Month

HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hoteldruid
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2022-28449 MEDIUM POC This Month

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28524 CRITICAL Act Now

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ed01 Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-24883 CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-29499 CRITICAL KEV THREAT Act Now

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
56.6%
CVE-2022-28522 MEDIUM POC This Month

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-28450 MEDIUM POC This Month

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-28448 MEDIUM POC This Month

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1173 MEDIUM POC PATCH This Month

stored xss in GitHub repository getgrav/grav prior to 1.7.33. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Grav
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2022-28525 HIGH This Week

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Ed01 Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-23942 HIGH PATCH This Week

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Information Disclosure Doris
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2022-27888 MEDIUM This Month

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Foundry Issues
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28218 MEDIUM This Month

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Webmail Messenger
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-27854 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Psychological Tests Quizzes
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24866 MEDIUM PATCH This Month

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Assign
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy