Skip to main content
CVE-2022-30843 HIGH POC This Week

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Room Rent Portal Site
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-30463 HIGH POC This Week

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-30459 HIGH POC This Week

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Chatbot App With Suggestion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-1839 HIGH POC This Week

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1850 HIGH POC PATCH This Week

Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Filegator
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-29305 HIGH POC This Week

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Imgurl
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-29333 HIGH POC This Week

A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Powerdirector
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29309 HIGH POC This Week

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mysiteforme
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29377 HIGH POC This Week

Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow A3600r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-23050 HIGH POC This Week

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Applications Manager
NVD
CVSS 3.1
7.2
EPSS
4.6%
CVE-2022-1838 HIGH POC This Week

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1837 HIGH POC This Week

A vulnerability was found in Home Clean Services Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Home Clean Services Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-22495 HIGH PATCH This Week

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-29221 HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection Smarty Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-1669 HIGH This Week

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Compact Dc S Basic Firmware
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-26532 HIGH This Week

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
4.8%
CVE-2022-26531 HIGH This Week

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Vpn100 Firmware Vpn1000 Firmware Vpn300 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
5.8%
CVE-2022-22497 HIGH PATCH This Week

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29249 HIGH PATCH This Week

JavaEZ is a library that adds new functions to make Java easier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Javaez
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31261 HIGH This Week

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Morpheus
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29567 HIGH PATCH This Week

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vaadin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29242 HIGH PATCH This Week

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

OpenSSL Buffer Overflow Gost Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-29219 HIGH PATCH This Week

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Lodestar
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29217 HIGH PATCH This Week

PyJWT is a Python implementation of RFC 7519. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pyjwt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-22977 HIGH This Week

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

VMware Information Disclosure Microsoft XXE Tools
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy