Skip to main content
CVE-2022-29632 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Roncoo Education
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-30516 CRITICAL POC Act Now

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-30495 CRITICAL POC Act Now

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Automotive Shop Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30493 CRITICAL POC Act Now

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SQLi Automotive Shop Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-30500 CRITICAL POC Act Now

Jfinal cms 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-30477 CRITICAL POC Act Now

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30476 CRITICAL POC Act Now

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30474 CRITICAL POC Act Now

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30472 CRITICAL POC Act Now

Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-29660 CRITICAL POC THREAT Act Now

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
9.8
EPSS
11.4%
CVE-2022-1899 CRITICAL POC PATCH Act Now

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-31265 HIGH POC This Week

The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure World Of Warships
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-29685 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-29669 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-29667 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-29664 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-22616 MEDIUM POC This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
7.7%
CVE-2022-22576 HIGH POC This Week

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bootstrap
NVD VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2022-29637 HIGH POC This Week

An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mindoc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-1886 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-30475 HIGH POC This Week

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30473 HIGH POC This Week

Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29721 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29720 HIGH POC This Week

74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure 74Cmsse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29689 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29688 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29687 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29686 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29684 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29683 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29682 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29681 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29680 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29676 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29670 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29666 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29665 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-29663 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-29662 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-29661 HIGH POC This Week

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cscms Music Portal System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30508 MEDIUM POC This Month

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dedecms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-27777 MEDIUM POC PATCH This Month

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Actionpack Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-29633 CRITICAL Act Now

An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linglong
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-26776 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-26775 CRITICAL Act Now

An integer overflow was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Mac Os X macOS
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26723 CRITICAL Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-26711 CRITICAL Act Now

An integer overflow issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Apple Itunes +5
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26708 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-21831 CRITICAL PATCH Act Now

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Active Storage Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-24422 CRITICAL PATCH Act Now

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Idrac9
NVD
CVSS 3.1
9.8
EPSS
53.8%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy