Skip to main content
CVE-2022-30927 CRITICAL POC Act Now

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Task Scheduling System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-30469 HIGH POC This Week

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-27438 HIGH POC PATCH This Week

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Advanced Installer Call Flow Designer Crm Template Generator Boomtv Streamer Portal +66
NVD VulDB
CVSS 3.1
8.1
EPSS
2.4%
CVE-2022-29631 HIGH POC PATCH This Week

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jodd Http
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-32275 HIGH POC This Week

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
8.6%
CVE-2022-30860 HIGH POC THREAT This Week

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fudforum
NVD GitHub
CVSS 3.1
7.2
EPSS
23.0%
CVE-2022-28478 MEDIUM POC PATCH This Month

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Seeddms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-32511 CRITICAL PATCH GHSA Act Now

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jmespath Fedora
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-31494 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-29296 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Genialcloud Proj
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-31498 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31492 MEDIUM POC This Month

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31493 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31481 CRITICAL Act Now

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware +11
NVD
CVSS 3.1
10.0
EPSS
1.5%
CVE-2022-31768 CRITICAL PATCH Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-31479 CRITICAL Act Now

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-28051 MEDIUM POC PATCH This Month

The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Seeddms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-28479 MEDIUM POC PATCH This Month

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Seeddms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-21745 HIGH This Week

In WIFI Firmware, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Use After Free Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-1680 HIGH This Week

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
15.5%
CVE-2022-31486 HIGH This Week

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-31483 HIGH This Week

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-30863 MEDIUM POC This Month

FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-30861 MEDIUM POC This Month

FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1821 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-30587 HIGH This Week

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gradle Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22396 HIGH This Week

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-23712 HIGH PATCH This Week

A Denial of Service flaw was discovered in Elasticsearch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
7.4%
CVE-2022-21757 HIGH This Week

In WIFI Firmware, there is a possible system crash due to a missing count check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31484 HIGH This Week

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31482 HIGH This Week

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31480 HIGH This Week

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-30586 HIGH This Week

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Gradle
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-1944 HIGH PATCH This Week

When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-21759 MEDIUM This Month

In power service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21758 MEDIUM This Month

In ccu, there is a possible memory corruption due to a double free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21754 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21753 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21752 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21751 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21750 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-29617 MEDIUM This Month

Due to improper error handling an authenticated user can crash CLA assistant instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Contributor License Agreement Assistant
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1936 MEDIUM PATCH This Month

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1935 MEDIUM PATCH This Month

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-28224 MEDIUM PATCH This Month

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Calico Calico Enterprise
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-21749 MEDIUM This Month

In telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-21748 MEDIUM This Month

In telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-1940 MEDIUM PATCH This Month

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Gitlab XSS Atlassian
NVD
CVSS 3.1
5.4
EPSS
6.3%
CVE-2022-31485 MEDIUM This Month

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-21762 MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy