Skip to main content
CVE-2022-30781 HIGH POC PATCH THREAT Act Now

Gitea before 1.16.7 does not escape git fetch remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Gitea Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
87.7%
CVE-2022-29351 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Tiddlywiki5
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-1731 CRITICAL POC Act Now

Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Metasonic Doc Webclient
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-30055 CRITICAL POC Act Now

Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Prime95
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-1386 CRITICAL POC PATCH THREAT Act Now

The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF WordPress Fusion Builder Avada
NVD WPScan
CVSS 3.1
9.8
EPSS
71.7%
CVE-2022-0867 CRITICAL POC THREAT Act Now

The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user supplied POST data before it is being interpolated in an SQL statement and then executed via an AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Pricing Table
NVD WPScan
CVSS 3.1
9.8
EPSS
13.3%
CVE-2022-29622 CRITICAL POC Act Now

An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Formidable
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-29354 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Keystone
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-29353 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Graphql Upload
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30011 CRITICAL POC THREAT Act Now

In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
18.5%
CVE-2022-30767 CRITICAL POC PATCH Act Now

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow U Boot Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-1182 HIGH POC This Week

The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Visual Slide Box Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-1103 HIGH POC THREAT This Week

The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Advanced Uploader
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
15.9%
CVE-2022-29623 HIGH POC This Week

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Connect Multiparty
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-1721 HIGH POC PATCH This Week

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-1713 HIGH POC PATCH This Week

SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
9.2%
CVE-2022-30012 HIGH POC This Week

In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-30763 HIGH POC This Week

Janet before 1.22.0 mishandles arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Janet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-1409 HIGH POC This Week

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-1728 MEDIUM POC PATCH This Month

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Trudesk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1560 MEDIUM POC This Month

The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Amministrazione Aperta
NVD WPScan
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-1407 MEDIUM POC This Month

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1398 MEDIUM POC This Month

The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress External Media Without Import
NVD WPScan
CVSS 3.1
6.5
EPSS
2.9%
CVE-2022-0578 MEDIUM POC PATCH This Month

Code Injection in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Publify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-0574 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Publify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30050 MEDIUM POC This Month

Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gnuboard
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1465 MEDIUM POC This Month

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpc Smart Wishlist For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1455 MEDIUM POC This Month

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Call Now Button
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1436 MEDIUM POC This Month

The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Track Trace
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1418 MEDIUM POC This Month

The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Social Stickers
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-1267 MEDIUM POC This Month

The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bmi Bmr Calculator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1217 MEDIUM POC This Month

The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Custom Tinymce Shortcode Button
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1216 MEDIUM POC This Month

The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Advanced Image Sitemap
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-30777 MEDIUM POC This Month

Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS H Sphere
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-30776 MEDIUM POC This Month

atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Atmail
NVD
CVSS 3.1
6.1
EPSS
4.2%
CVE-2022-30770 MEDIUM POC This Month

Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Terminalfour
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-23660 CRITICAL Act Now

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2022-23658 CRITICAL Act Now

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2022-23657 CRITICAL Act Now

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.1
10.0
EPSS
3.0%
CVE-2022-30765 CRITICAL PATCH Act Now

Calibre-Web before 0.6.18 allows user table SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Calibre Web
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29017 MEDIUM POC This Month

Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-30775 MEDIUM POC This Month

xpdf 4.04 allocates excessive memory when presented with crafted input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-1726 MEDIUM POC PATCH This Month

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bootstrap Table
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1557 MEDIUM POC This Month

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Uleak Security Dashboard
NVD WPScan
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-1393 MEDIUM POC This Month

The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Subtitle
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1051 MEDIUM POC This Month

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-30013 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1587 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Enterprise Linux Fedora +9
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-1586 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Fedora Enterprise Linux +10
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-23666 CRITICAL Act Now

A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
9.1
EPSS
2.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy