Skip to main content
CVE-2022-27412 CRITICAL POC Act Now

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Explore Cms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-1013 CRITICAL POC Act Now

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Personal Dictionary
NVD WPScan
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-0948 CRITICAL POC Act Now

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Order Listener For Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
10.0%
CVE-2022-0836 CRITICAL POC Act Now

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Sema Api
NVD WPScan
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-0826 CRITICAL POC Act Now

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Video Gallery Free
NVD WPScan
CVSS 3.1
9.8
EPSS
9.2%
CVE-2022-0817 CRITICAL POC THREAT Act Now

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Badgeos
NVD WPScan
CVSS 3.1
9.8
EPSS
11.7%
CVE-2022-0814 CRITICAL POC Act Now

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ubigeo De Peru Para Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-0592 CRITICAL POC THREAT Act Now

The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Mapsvg
NVD WPScan
CVSS 3.1
9.8
EPSS
10.3%
CVE-2022-23066 CRITICAL POC PATCH Act Now

In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rbpf
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2022-30335 CRITICAL Act Now

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Bonanza Wealth Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28738 CRITICAL PATCH Act Now

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ruby
NVD
CVSS 3.1
9.8
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy