Skip to main content
CVE-2022-1775 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Brute Force Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-22972 CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access +2
NVD
CVSS 3.1
9.8
EPSS
52.8%
CVE-2022-28995 CRITICAL POC Act Now

Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rengine
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-28531 CRITICAL POC THREAT Act Now

Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Directory On Vaccination System
NVD
CVSS 3.1
9.8
EPSS
14.2%
CVE-2022-30887 CRITICAL POC THREAT Act Now

Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
24.8%
CVE-2022-30886 CRITICAL POC Act Now

School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-30518 CRITICAL POC Act Now

ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Chatbot Application With A Suggestion Feature
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29023 CRITICAL POC PATCH Act Now

A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Openrazer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-29022 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openrazer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-29021 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openrazer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-28993 CRITICAL POC Act Now

Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Multi Store Inventory Management System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28106 CRITICAL POC Act Now

Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Sports Complex Booking System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28105 CRITICAL POC Act Now

Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Sports Complex Booking System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28104 CRITICAL POC Act Now

Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pdf Editor
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26633 CRITICAL POC Act Now

Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Quarterly Result Grade System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-26632 CRITICAL POC Act Now

Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Multi Vendor Online Groceries Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-1770 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Trudesk
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-31245 HIGH POC PATCH This Week

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Mailcow
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2022-28992 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Online Banquet Booking System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-25227 HIGH POC This Week

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Thinfinity Vnc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29181 HIGH POC PATCH This Week

Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nokogiri macOS
NVD GitHub
CVSS 3.1
8.2
EPSS
2.9%
CVE-2022-28990 HIGH POC PATCH This Week

WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29320 HIGH POC This Week

MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Partition Wizard
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27095 HIGH POC This Week

BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Battleye
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-26634 HIGH POC This Week

HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hidemyass
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24434 HIGH POC PATCH This Week

This affects all versions of package dicer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Dicer
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2022-21195 HIGH POC This Week

All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Url Regex
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-28991 HIGH POC This Week

Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Multi Store Inventory Management System
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1784 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-21500 HIGH POC PATCH THREAT This Week

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle E Business Suite User Management
NVD
CVSS 3.1
7.5
EPSS
70.6%
CVE-2022-29208 HIGH POC PATCH This Week

TensorFlow is an open source platform for machine learning. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-1803 MEDIUM POC PATCH This Month

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trudesk
NVD GitHub
CVSS 3.1
6.9
EPSS
1.5%
CVE-2022-27094 MEDIUM POC This Month

Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Playmemories Home
NVD Exploit-DB
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-31215 MEDIUM POC This Month

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Client Agent Reach Console Reach Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-1754 MEDIUM POC PATCH This Month

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Trudesk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1806 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rtx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29165 CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
10.0
EPSS
1.9%
CVE-2022-29186 CRITICAL PATCH Act Now

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Docker Rundeck
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28618 CRITICAL Act Now

A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nimbleos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-28660 CRITICAL Act Now

The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Grafana
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29206 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29205 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29204 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29203 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29202 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29201 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29207 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29200 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29199 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29198 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy