Skip to main content
CVE-2022-25865 CRITICAL POC PATCH Act Now

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Workspace Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-21190 CRITICAL POC PATCH Act Now

This affects the package convict before 6.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Prototype Pollution Mozilla Convict
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-1715 CRITICAL POC PATCH Act Now

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Facturascripts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-30413 CRITICAL POC Act Now

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30407 CRITICAL POC Act Now

Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Sales And Inventory System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30395 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30392 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30391 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30386 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30385 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30384 CRITICAL POC Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30370 CRITICAL POC Act Now

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29383 CRITICAL POC THREAT Act Now

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear SQLi Ssl312 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
49.0%
CVE-2022-25591 CRITICAL POC Act Now

BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Blogengine Net
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2022-25862 HIGH POC This Week

This affects the package sds from 0.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Sds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29218 HIGH POC This Week

RubyGems is a package registry used to supply software for the Ruby language ecosystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Rubygems Org
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27134 HIGH POC This Week

EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eosio Batdappboomx
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-30417 HIGH POC This Week

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30415 HIGH POC This Week

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30414 HIGH POC This Week

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30412 HIGH POC This Week

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30411 HIGH POC This Week

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30403 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30402 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30401 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30400 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30399 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30398 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30396 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30393 HIGH POC This Week

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30379 HIGH POC This Week

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Social Networking Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30378 HIGH POC This Week

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Social Networking Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30376 HIGH POC This Week

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Social Networking Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30374 HIGH POC This Week

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Air Cargo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30373 HIGH POC This Week

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30372 HIGH POC This Week

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30371 HIGH POC This Week

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1714 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-29854 MEDIUM POC This Month

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Minet Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-30408 MEDIUM POC This Month

Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30381 MEDIUM POC This Month

Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Merchandise Online Store
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30375 MEDIUM POC This Month

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Simple Social Networking Site
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30367 MEDIUM POC This Month

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Air Cargo Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30489 MEDIUM POC This Month

WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wn535G3 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
4.1%
CVE-2022-22282 CRITICAL Act Now

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Sma 6200 Firmware Sma 6210 Firmware Sma 7200 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2022-30387 CRITICAL Act Now

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-29794 CRITICAL Act Now

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-27247 MEDIUM POC This Month

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Winhotel Mx
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-22260 CRITICAL Act Now

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-25762 HIGH PATCH This Week

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Tomcat Information Disclosure Agile Plm
NVD
CVSS 3.1
8.6
EPSS
8.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy