Skip to main content
CVE-2022-28118 CRITICAL POC Act Now

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Siteserver Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-27413 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28585 CRITICAL POC Act Now

EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Empirecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-27962 CRITICAL POC Act Now

Bluecms 1.6 has a SQL injection vulnerability at cooike. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bluecms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28561 CRITICAL POC Act Now

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.9%
CVE-2022-28560 CRITICAL POC Act Now

There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-23063 HIGH POC This Week

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shopizer
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-20759 HIGH POC THREAT This Week

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Adaptive Security Appliance Software
NVD GitHub
CVSS 3.1
8.8
EPSS
28.4%
CVE-2022-1554 HIGH POC PATCH This Week

Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Scout
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29001 HIGH POC This Week

In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Springbootmovie
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-28505 HIGH POC This Week

Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-28590 HIGH POC THREAT This Week

A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Pixelimity
NVD GitHub
CVSS 3.1
7.2
EPSS
24.0%
CVE-2022-23400 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Imagegear
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-22137 MEDIUM POC This Month

A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-29824 MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 Libxslt Fedora +16
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2022-0882 MEDIUM POC This Month

A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fuchsia
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-27330 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce Website
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28599 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fuel Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28588 MEDIUM POC This Month

In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springbootmovie
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1548 HIGH This Week

Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mattermost Playbooks
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-28589 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pixelimity
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-0916 HIGH This Week

An issue was discovered in Logitech Options. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass CSRF Options
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-21949 HIGH This Week

A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Open Build Service
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-20743 HIGH This Week

A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco File Upload Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2022-20715 HIGH This Week

A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-20111 HIGH This Week

In ion, there is a possible use after free due to incorrect error handling. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2022-21743 HIGH This Week

In ion, there is a possible use after free due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-28792 HIGH This Week

DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Gear Iconx Pc Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20109 HIGH This Week

In ion, there is a possible use after free due to improper update of reference count. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20099 HIGH This Week

In aee daemon, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20093 HIGH This Week

In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20088 HIGH This Week

In aee driver, there is a possible reference count mistake due to incorrect error handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20084 HIGH This Week

In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20729 HIGH This Week

A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Code Injection Firepower Threat Defense
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27313 HIGH PATCH This Week

An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Gitea
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-22368 HIGH PATCH This Week

IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-1473 HIGH PATCH This Week

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +22
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-20767 HIGH This Week

A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-20760 HIGH This Week

A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-20757 HIGH This Week

A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-20751 HIGH This Week

A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-20746 HIGH This Week

A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Null Pointer Dereference Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-20745 HIGH This Week

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-20730 HIGH This Week

A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-20742 HIGH This Week

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-28783 HIGH This Week

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-20737 HIGH This Week

A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Heap Overflow Adaptive Security Appliance Software
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2022-20110 HIGH This Week

In ion, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20108 MEDIUM This Month

In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy