Skip to main content
CVE-2022-30829 HIGH POC This Week

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\users_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30828 HIGH POC This Week

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30827 HIGH POC This Week

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30826 HIGH POC This Week

Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30825 HIGH POC This Week

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30823 HIGH POC This Week

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30818 HIGH POC This Week

Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wedding Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30799 HIGH POC This Week

Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30798 HIGH POC This Week

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30795 HIGH POC This Week

Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-31463 HIGH POC This Week

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Meeting Owl Pro Firmware
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2022-31461 MEDIUM POC This Month

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Meeting Owl Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31459 MEDIUM POC This Month

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meeting Owl Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29597 MEDIUM POC This Month

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Regulatory Reporting System
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-31973 MEDIUM POC This Month

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Fire Reporting System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31966 MEDIUM POC This Month

ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Chatbot App With Suggestion
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31342 MEDIUM POC This Month

Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Car Wash Booking System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30804 MEDIUM POC This Month

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Elite Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-1462 MEDIUM POC This Month

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Linux Buffer Overflow Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2022-30514 MEDIUM POC This Month

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Dormitory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2022-30513 MEDIUM POC This Month

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Dormitory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2022-30349 MEDIUM POC This Month

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siteserver Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-29732 MEDIUM POC This Month

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Entelitouch Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29598 MEDIUM POC This Month

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Regulatory Reporting System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24239 CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Aceweb Online Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24240 CRITICAL Act Now

ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aceweb Online Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29733 MEDIUM POC This Month

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Entelitouch Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-30235 CRITICAL Act Now

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30234 CRITICAL Act Now

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29084 CRITICAL Act Now

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26869 CRITICAL Act Now

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dell Information Disclosure Powerstoreos
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-25163 CRITICAL Act Now

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Melsec Iq R Rd81Mes96N Firmware Melsec Qj71E71 100 Firmware Melsec Lj71E71 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-32002 CRITICAL Act Now

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Badminton Center Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31799 CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30470 CRITICAL Act Now

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Filerun
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30324 CRITICAL PATCH Act Now

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Nomad
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-29712 CRITICAL PATCH Act Now

LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Librenms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-28605 CRITICAL Act Now

Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sound Bar
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-1660 CRITICAL Act Now

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE N6854A Firmware N6841A Rf Firmware
NVD
CVSS 3.1
9.8
EPSS
16.0%
CVE-2022-27774 MEDIUM POC This Month

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bootstrap
NVD VulDB
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-32202 MEDIUM POC PATCH This Month

In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-32201 MEDIUM POC PATCH This Month

In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-31783 MEDIUM POC PATCH This Month

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Liblouis Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-29780 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-29779 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-30429 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Neos Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-26497 MEDIUM POC PATCH This Month

BigBlueButton Greenlight 2.11.1 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Greenlight
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-30999 MEDIUM POC PATCH This Month

FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Upload
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-29648 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy