Skip to main content
CVE-2022-30790 HIGH POC CISA Act Now

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
Threat
5.1
CVE-2022-30882 CRITICAL POC Act Now

pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pyanxdns
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-30877 CRITICAL POC Act Now

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Keep
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-30926 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30925 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30924 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30923 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30922 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30921 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30920 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30919 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30918 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30917 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30916 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30915 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30914 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30913 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30912 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30910 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-30909 CRITICAL POC Act Now

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-1692 CRITICAL POC THREAT Act Now

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Cp Image Store With Slideshow
NVD WPScan
CVSS 3.1
9.8
EPSS
10.4%
CVE-2022-0788 CRITICAL POC Act Now

The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Fundengine
NVD WPScan
CVSS 3.1
9.8
EPSS
7.9%
CVE-2022-21122 CRITICAL POC PATCH Act Now

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Metacalc
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-24065 CRITICAL POC PATCH Act Now

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Python Cookiecutter Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-1996 CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Go Restful Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.7%
CVE-2022-1683 HIGH POC This Week

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Amtythumb
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-28382 HIGH POC This Week

An issue was discovered in certain Verbatim drives through 2022-03-31. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keypad Secure Usb 3 2 Gen 1 Firmware Store N Go Secure Portable Hdd Firmware Executive Fingerprint Secure Ssd Firmware Fingerprint Secure Portable Hard Drive Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31325 HIGH POC This Week

There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Churchcrm
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
5.0%
CVE-2022-28383 MEDIUM POC This Month

An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keypad Secure Usb 3 2 Gen 1 Firmware Store N Go Secure Portable Hdd Firmware Executive Fingerprint Secure Ssd Firmware Fingerprint Secure Portable Hard Drive Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-1570 MEDIUM POC This Month

The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Files Download Delay
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1424 MEDIUM POC This Month

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Ask Me
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1422 MEDIUM POC This Month

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Discy
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0779 MEDIUM POC This Month

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal User Meta User Profile Builder And User Management
NVD WPScan
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-1673 MEDIUM POC This Month

The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Green Wallet Gateway
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1597 MEDIUM POC This Month

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-1241 MEDIUM POC This Month

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ask Me
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1005 MEDIUM POC This Month

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Statistics
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31313 CRITICAL Act Now

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Api Res Py
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-28384 MEDIUM POC This Month

An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Keypad Secure Usb 3 2 Gen 1 Firmware Store N Go Secure Portable Hdd Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1997 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1577 MEDIUM POC This Month

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Database Backup
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-1506 MEDIUM POC This Month

The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Born Babies
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1598 MEDIUM POC This Month

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wpqa Builder
NVD WPScan
CVSS 3.1
5.3
EPSS
5.1%
CVE-2022-1691 MEDIUM POC This Month

The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Realty Workstation
NVD WPScan
CVSS 3.1
4.9
EPSS
1.0%
CVE-2022-1685 MEDIUM POC This Month

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Five Minute Webshop
NVD WPScan
CVSS 3.1
4.9
EPSS
1.0%
CVE-2022-1647 MEDIUM POC This Month

The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Formcraft
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1569 MEDIUM POC This Month

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Drag Drop Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1541 MEDIUM POC This Month

The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Video Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1469 MEDIUM POC This Month

The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fibosearch
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1394 MEDIUM POC This Month

The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Photo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy