Skip to main content
CVE-2022-30813 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30810 CRITICAL POC Act Now

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30809 CRITICAL POC Act Now

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30808 CRITICAL POC THREAT Act Now

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Elite Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-30797 CRITICAL POC Act Now

Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30521 CRITICAL POC THREAT Act Now

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE D-Link Buffer Overflow Dir 890L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.6%
CVE-2022-30512 CRITICAL POC Act Now

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
9.6%
CVE-2022-30511 CRITICAL POC Act Now

School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-30510 CRITICAL POC Act Now

School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Dormitory Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-30506 CRITICAL POC Act Now

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30481 CRITICAL POC Act Now

Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Order And Table Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30478 CRITICAL POC Act Now

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ecommerce Project With Php And Mysqli Fruits Bazar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30423 CRITICAL POC Act Now

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30352 CRITICAL POC Act Now

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Phpabook
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-29777 CRITICAL POC PATCH Act Now

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Core Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-29776 CRITICAL POC PATCH Act Now

Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Core Document Server
NVD GitHub
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-29730 CRITICAL POC Act Now

USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Usr G808 Firmware Usr G807 Firmware Usr G806 Firmware Usr G800V2 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29659 CRITICAL POC Act Now

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Responsive Online Blog
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25237 CRITICAL POC THREAT Act Now

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Bonita Web
NVD GitHub
CVSS 3.1
9.8
EPSS
56.2%
CVE-2022-24702 CRITICAL POC Act Now

An issue was discovered in WinAPRS 2.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Winaprs
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2022-31945 CRITICAL POC Act Now

Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Rescue Dispatch Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-30034 HIGH POC PATCH This Week

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Python Flower
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
1.3%
CVE-2022-31462 HIGH POC This Week

Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Meeting Owl Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-30822 HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30821 HIGH POC This Week

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30820 HIGH POC This Week

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30819 HIGH POC This Week

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Wedding Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-30425 HIGH POC THREAT This Week

Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Hg6 Firmware
NVD
CVSS 3.1
8.8
EPSS
19.1%
CVE-2022-29735 HIGH POC This Week

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Entelitouch Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-29725 HIGH POC This Week

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Witycms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-29647 HIGH POC This Week

An issue was discovered in MCMS 5.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-29624 HIGH POC This Week

An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Tpcms
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-27778 HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap Oncommand Insight +10
NVD
CVSS 3.1
8.1
EPSS
3.5%
CVE-2021-42877 HIGH POC This Week

TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ex1200t Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-29594 HIGH POC This Week

eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Eg Agent Eg Manager Eg Rum Collectors Vm Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32250 HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +7
NVD GitHub
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-32200 HIGH POC PATCH This Week

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libdwarf
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29692 HIGH POC This Week

Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Unicorn Engine
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-24701 HIGH POC This Week

An issue was discovered in WinAPRS 2.9.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Winaprs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1968 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-27782 HIGH POC This Week

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-27775 HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Hci Bootstrap Os Clustered Data Ontap +9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-27781 HIGH POC This Week

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bootstrap
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-31004 HIGH POC This Week

CVEProject/cve-services is an open source project used to operate the CVE services API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cve Services
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-30496 HIGH POC This Week

SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idce
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-29729 HIGH POC This Week

Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure 4G Lte Network Extender Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-29695 HIGH POC PATCH This Week

Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Unicorn Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29694 HIGH POC PATCH This Week

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Unicorn Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-29693 HIGH POC PATCH This Week

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Unicorn Engine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27780 HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
7.5
EPSS
2.2%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy