Skip to main content
CVE-2022-29337 CRITICAL POC THREAT Act Now

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fd702Xw X R430 Firmware
NVD
CVSS 3.1
9.8
EPSS
35.3%
CVE-2022-29334 CRITICAL POC Act Now

An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-30838 CRITICAL POC Act Now

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30461 CRITICAL POC Act Now

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Water Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30455 CRITICAL POC Act Now

Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Badminton Center Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30454 CRITICAL POC Act Now

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30843 HIGH POC This Week

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Room Rent Portal Site
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-30463 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-30459 HIGH POC This Week

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Chatbot App With Suggestion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-1839 HIGH POC This Week

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1850 HIGH POC PATCH This Week

Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Filegator
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-29305 HIGH POC This Week

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Imgurl
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-29333 HIGH POC This Week

A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Powerdirector
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29309 HIGH POC This Week

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mysiteforme
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29377 HIGH POC This Week

Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow A3600r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-23050 HIGH POC This Week

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Applications Manager
NVD
CVSS 3.1
7.2
EPSS
4.6%
CVE-2022-1838 HIGH POC This Week

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1837 HIGH POC This Week

A vulnerability was found in Home Clean Services Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-30839 MEDIUM POC This Month

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Room Rent Portal Site
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-29246 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Buffer Overflow Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-29223 CRITICAL Act Now

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1849 MEDIUM POC PATCH This Month

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Session Fixation Information Disclosure Filegator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30842 MEDIUM POC This Month

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30837 MEDIUM POC This Month

Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Toll Tax Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30464 MEDIUM POC This Month

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Chatbot App With Suggestion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30462 MEDIUM POC This Month

Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Water Billing System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30460 MEDIUM POC This Month

Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Social Networking Site
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30458 MEDIUM POC This Month

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Automotive Shop Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30456 MEDIUM POC This Month

Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Badminton Center Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1848 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Para
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-22495 HIGH PATCH This Week

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-29221 HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection Smarty Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-1669 HIGH This Week

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Compact Dc S Basic Firmware
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-26532 HIGH This Week

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2022-26531 HIGH This Week

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
5.8%
CVE-2022-22497 HIGH PATCH This Week

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29249 HIGH PATCH This Week

JavaEZ is a library that adds new functions to make Java easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Javaez
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31261 HIGH This Week

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Morpheus
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29567 HIGH PATCH This Week

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vaadin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29242 HIGH PATCH This Week

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

OpenSSL Buffer Overflow Gost Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29219 HIGH PATCH This Week

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Lodestar
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29217 HIGH PATCH This Week

PyJWT is a Python implementation of RFC 7519. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pyjwt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-22977 HIGH This Week

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

VMware Information Disclosure Microsoft XXE Tools
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2022-22309 MEDIUM This Month

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Power System S922 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-0910 MEDIUM This Month

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +29
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-0734 MEDIUM This Month

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +29
NVD
CVSS 3.1
6.1
EPSS
8.4%
CVE-2022-29237 MEDIUM PATCH This Month

Opencast is a free and open source solution for automated video capture and distribution at scale. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Opencast
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22306 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-31263 MEDIUM PATCH This Month

app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mastodon
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-1840 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0.php?link=registerand. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy