Skip to main content
CVE-2022-1014 CRITICAL POC Act Now

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Contacts Manager
NVD WPScan
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-0781 CRITICAL POC THREAT Act Now

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Nirweb Support
NVD WPScan
CVSS 3.1
9.8
EPSS
12.4%
CVE-2022-28944 HIGH POC This Week

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Msi Package Builder Network Inventory Network Software Scanner +5
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-30014 HIGH POC This Week

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Simple Food Website
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29376 HIGH POC This Week

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Microsoft Xampp
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-29002 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-28999 HIGH POC This Week

Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Dev C
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30016 HIGH POC This Week

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rescue Dispatch Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-28998 HIGH POC This Week

Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xlight Ftp
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2022-31489 HIGH POC This Week

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blockchain Altexchanger
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31488 HIGH POC This Week

Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blockchain Altexchanger
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31487 HIGH POC This Week

Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blockchain Altexchanger Blockchain Fiatexchanger
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28997 HIGH POC This Week

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Cszcms
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-29004 MEDIUM POC This Month

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP E Diary Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
3.5%
CVE-2022-29005 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Birth Certificate System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2022-28932 CRITICAL Act Now

D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation D-Link Dsl G2452Dg Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-1547 MEDIUM POC This Month

The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Check Log Email
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1268 MEDIUM POC This Month

The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Donate Extra
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1221 MEDIUM POC This Month

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gwyn S Imagemap Selector
NVD WPScan
CVSS 3.1
6.1
EPSS
2.0%
CVE-2022-1218 MEDIUM POC This Month

The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Domain Replace
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1192 MEDIUM POC This Month

The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Turn Off All Comments
NVD WPScan
CVSS 3.1
6.1
EPSS
3.0%
CVE-2022-0346 MEDIUM POC This Month

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Xml Sitemap Generator
NVD WPScan
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-1467 CRITICAL Act Now

Windows OS can be configured to overlay a “language bar” on top of any application. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Command Injection Information Disclosure Intouch Access Anywhere Plant Scada Access Anywhere
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2022-29599 CRITICAL PATCH Act Now

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Maven Shared Utils Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2022-30015 MEDIUM POC This Month

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Food Website
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30017 MEDIUM POC This Month

Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rescue Dispatch Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1811 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Publify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1825 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Providence
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1558 MEDIUM POC This Month

The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Curtain
NVD WPScan
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-1320 MEDIUM POC This Month

The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Sliderby10Web
NVD WPScan
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-1298 MEDIUM POC This Month

The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tabs Responsive
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1093 MEDIUM POC This Month

The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Meta Seo
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1810 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Publify
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-28874 HIGH This Week

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Atlant Elements Endpoint Protection Linux Security +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31467 HIGH This Week

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Total Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-31466 HIGH This Week

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Total Security
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-0900 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.4.6.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Divvy Drive
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1817 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Badminton Center Management System. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Badminton Center Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1816 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoo Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy