Skip to main content
CVE-2022-30333 HIGH POC KEV PATCH THREAT Act Now

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Unrar Debian Linux
NVD
CVSS 3.1
7.5
EPSS
99.0%
CVE-2022-27412 CRITICAL POC Act Now

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Explore Cms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-1013 CRITICAL POC Act Now

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Personal Dictionary
NVD WPScan
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-0948 CRITICAL POC Act Now

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Order Listener For Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
10.0%
CVE-2022-0836 CRITICAL POC Act Now

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Sema Api
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-0826 CRITICAL POC Act Now

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Video Gallery Free
NVD WPScan
CVSS 3.1
9.8
EPSS
9.2%
CVE-2022-0817 CRITICAL POC THREAT Act Now

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Badgeos
NVD WPScan
CVSS 3.1
9.8
EPSS
11.7%
CVE-2022-0814 CRITICAL POC Act Now

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ubigeo De Peru Para Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-0592 CRITICAL POC THREAT Act Now

The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Mapsvg
NVD WPScan
CVSS 3.1
9.8
EPSS
10.3%
CVE-2022-23066 CRITICAL POC PATCH Act Now

In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rbpf
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2022-29933 HIGH POC PATCH This Week

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Craft Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-23332 HIGH POC This Week

Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Command Injection Acom508 Firmware Acom532 Firmware +1
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2022-1631 HIGH POC PATCH This Week

Users Account Pre-Takeover or Users Account Takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microweber
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
9.0%
CVE-2022-30524 HIGH POC This Week

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-30286 HIGH POC PATCH THREAT This Week

pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pyscript
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
13.3%
CVE-2022-27224 HIGH POC This Week

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nts 6002 Gps Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-1171 MEDIUM POC This Month

The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Vertical Scroll Recent Post
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1047 MEDIUM POC This Month

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Type Builder Search Addon
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0625 MEDIUM POC This Month

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Admin Menu Editor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-30335 CRITICAL Act Now

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Bonanza Wealth Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28738 CRITICAL PATCH Act Now

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ruby
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-43712 MEDIUM POC This Month

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Employee Daily Task Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-27114 MEDIUM POC PATCH This Month

There is a vulnerability in htmldoc 1.9.16. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Htmldoc Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-27308 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Phprojekt Phpsimplygest
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2022-0898 MEDIUM POC This Month

The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Igniteup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0424 MEDIUM POC This Month

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Popup
NVD WPScan
CVSS 3.1
5.3
EPSS
2.9%
CVE-2022-1338 MEDIUM POC This Month

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easily Generate Rest Api
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1303 MEDIUM POC This Month

The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slide Anything
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1104 MEDIUM POC THREAT This Month

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Maker
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
55.8%
CVE-2022-0874 MEDIUM POC This Month

The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Social Buttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-30240 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Magnitude Simba Amazon Redshift Jdbc Driver
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-30239 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Magnitude Simba Amazon Athena Jdbc Driver
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-29972 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Magnitude Simba Amazon Redshift Odbc Driver
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2022-29971 HIGH This Week

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Magnitude Simba Amazon Athena Odbc Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23705 HIGH This Week

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nimbleos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-23704 HIGH This Week

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 4
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-28739 HIGH This Week

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ruby Debian Linux macOS
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2022-29868 MEDIUM This Month

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp 1Password
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28161 MEDIUM This Month

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22319 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-22481 MEDIUM PATCH This Month

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-28162 LOW Monitor

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy