Skip to main content
CVE-2022-29596 CRITICAL POC Act Now

MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Path Traversal Enterprise Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-30450 CRITICAL POC THREAT Act Now

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Waimairencms
NVD
CVSS 3.1
9.8
EPSS
21.0%
CVE-2022-30449 CRITICAL POC Act Now

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30448 CRITICAL POC Act Now

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30063 CRITICAL POC THREAT Act Now

ftcms <=2.1 was discovered to be vulnerable to code execution attacks . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ftcms
NVD
CVSS 3.1
9.8
EPSS
17.5%
CVE-2022-30453 CRITICAL POC THREAT Act Now

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Shopwind
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2022-30048 CRITICAL POC Act Now

Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30047 CRITICAL POC Act Now

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-29009 CRITICAL POC THREAT Act Now

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cyber Cafe Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
22.6%
CVE-2022-29007 CRITICAL POC THREAT Act Now

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dairy Farm Shop Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
19.5%
CVE-2022-29006 CRITICAL POC THREAT Act Now

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Directory Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
19.5%
CVE-2022-29316 CRITICAL POC Act Now

Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Complete Online Job Search System
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-30451 HIGH POC This Week

An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Waimairencms
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-30060 HIGH POC This Week

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ftcms
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30040 HIGH POC This Week

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1803 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-29847 HIGH POC THREAT This Week

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD GitHub
CVSS 3.1
7.5
EPSS
55.9%
CVE-2022-29932 HIGH POC This Week

The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spazio
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-19228 HIGH POC This Week

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bludit
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-30452 HIGH POC This Week

ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopwind
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-29655 HIGH POC This Week

An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Wedding Management System
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-29318 HIGH POC This Week

An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Car Rental Management System
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-29855 MEDIUM POC This Month

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE 6873I Sip Firmware 6930 Sip Firmware 6940 Sip Firmware 6865I Sip Firmware +5
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2022-29977 MEDIUM POC This Month

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-29978 MEDIUM POC This Month

There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-30062 MEDIUM POC This Month

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Ftcms
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-30061 MEDIUM POC This Month

ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ftcms
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-30059 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-29848 MEDIUM POC This Month

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD GitHub
CVSS 3.1
6.5
EPSS
3.5%
CVE-2022-29845 MEDIUM POC This Month

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Whatsup Gold
NVD GitHub
CVSS 3.1
6.5
EPSS
3.9%
CVE-2022-24584 MEDIUM POC This Month

Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Otp
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-29008 MEDIUM POC This Month

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bus Pass Management System
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-30592 CRITICAL PATCH Act Now

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Lsquic
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-29656 CRITICAL Act Now

Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Wedding Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-29317 CRITICAL Act Now

Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Simple Bus Ticket Booking System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1623 MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Fedora Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-1622 MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Fedora Ontap Select Deploy Administration Utility +4
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-30057 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shopwind
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29727 MEDIUM POC This Month

Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Survey Software
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.3%
CVE-2022-30058 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-29846 MEDIUM POC This Month

In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whatsup Gold
NVD GitHub
CVSS 3.1
5.3
EPSS
5.1%
CVE-2022-29898 CRITICAL Act Now

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rad Ism 900 En Bd Firmware Rad Ism 900 En Bd B Firmware Rad Ism 900 En Bd Bus Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-29897 CRITICAL Act Now

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rad Ism 900 En Bd Firmware Rad Ism 900 En Bd B Firmware Rad Ism 900 En Bd Bus Firmware
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-29611 HIGH This Week

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-26116 HIGH This Week

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortinac
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-28838 HIGH This Week

Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2022-28243 HIGH This Week

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
11.0%
CVE-2022-28242 HIGH This Week

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
3.4%
CVE-2022-28241 HIGH This Week

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
3.1%
CVE-2022-28240 HIGH This Week

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
12.5%
CVE-2022-28239 HIGH This Week

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
3.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy