Skip to main content
CVE-2022-28944 HIGH POC This Week

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Msi Package Builder Network Inventory Network Software Scanner +5
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-30014 HIGH POC This Week

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Simple Food Website
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29376 HIGH POC This Week

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Microsoft Xampp
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-29002 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-28999 HIGH POC This Week

Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Dev C
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30016 HIGH POC This Week

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rescue Dispatch Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-28998 HIGH POC This Week

Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xlight Ftp
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2022-31489 HIGH POC This Week

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blockchain Altexchanger
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31488 HIGH POC This Week

Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blockchain Altexchanger
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31487 HIGH POC This Week

Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blockchain Altexchanger Blockchain Fiatexchanger
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28997 HIGH POC This Week

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Cszcms
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-28874 HIGH This Week

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Atlant Elements Endpoint Protection Linux Security +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31467 HIGH This Week

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Total Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-31466 HIGH This Week

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Total Security
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy