Skip to main content
CVE-2022-30034 HIGH POC PATCH This Week

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Python Flower
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-31462 HIGH POC This Week

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Meeting Owl Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-30822 HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30821 HIGH POC This Week

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30820 HIGH POC This Week

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30819 HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30425 HIGH POC THREAT This Week

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Hg6 Firmware
NVD
CVSS 3.1
8.8
EPSS
19.1%
CVE-2022-29735 HIGH POC This Week

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Entelitouch Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-29725 HIGH POC This Week

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Witycms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-29647 HIGH POC This Week

An issue was discovered in MCMS 5.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29624 HIGH POC This Week

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Tpcms
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-27778 HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap Oncommand Insight +10
NVD
CVSS 3.1
8.1
EPSS
3.5%
CVE-2021-42877 HIGH POC This Week

TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ex1200t Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-29594 HIGH POC This Week

eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eg Agent Eg Manager Eg Rum Collectors Vm Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32250 HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +7
NVD GitHub
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-32200 HIGH POC PATCH This Week

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libdwarf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29692 HIGH POC This Week

Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Unicorn Engine
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-24701 HIGH POC This Week

An issue was discovered in WinAPRS 2.9.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Winaprs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1968 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-27782 HIGH POC This Week

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-27775 HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Hci Bootstrap Os Clustered Data Ontap +9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-27781 HIGH POC This Week

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bootstrap
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-31004 HIGH POC This Week

CVEProject/cve-services is an open source project used to operate the CVE services API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cve Services
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-30496 HIGH POC This Week

SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idce
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29729 HIGH POC This Week

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure 4G Lte Network Extender Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-29695 HIGH POC PATCH This Week

Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Unicorn Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29694 HIGH POC PATCH This Week

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Unicorn Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-29693 HIGH POC PATCH This Week

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Unicorn Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27780 HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-24700 HIGH POC This Week

An issue was discovered in WinAPRS 2.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Winaprs
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-1929 HIGH POC PATCH This Week

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Node.js Devcert
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31460 HIGH POC This Week

Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Meeting Owl Pro Firmware
NVD
CVSS 3.1
7.4
EPSS
3.4%
CVE-2022-32028 HIGH POC This Week

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
4.9%
CVE-2022-32027 HIGH POC This Week

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32026 HIGH POC This Week

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
5.3%
CVE-2022-32025 HIGH POC This Week

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-32024 HIGH POC This Week

Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-32022 HIGH POC This Week

Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
4.9%
CVE-2022-32021 HIGH POC This Week

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Car Rental Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32018 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-32017 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32016 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32015 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-32014 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32013 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-32012 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32011 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32010 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32008 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32007 HIGH POC This Week

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Complete Online Job Search System
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy