Skip to main content
CVE-2021-42675 CRITICAL POC Act Now

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Kreasfero
NVD VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-32337 CRITICAL POC Act Now

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27668 CRITICAL POC Act Now

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SAP Netweaver As Abap Netweaver As Abap Krnl64nuc Netweaver As Abap Krnl64uc +1
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-32352 CRITICAL POC Act Now

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-32336 CRITICAL POC Act Now

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31311 CRITICAL POC Act Now

An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Aerial X 1200M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-31446 CRITICAL POC THREAT Act Now

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda RCE Command Injection Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
32.8%
CVE-2022-32328 CRITICAL POC Act Now

Fast Food Ordering System v1.0 is vulnerable to Delete any file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Fast Food Ordering System
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-32230 HIGH POC PATCH This Week

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Null Pointer Dereference Windows 10 Windows 11 +1
NVD GitHub
CVSS 3.1
7.5
EPSS
7.0%
CVE-2022-31847 HIGH POC This Week

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn579X3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-31846 HIGH POC This Week

A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn535G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
7.1%
CVE-2022-31845 HIGH POC This Week

A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn535G3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
8.4%
CVE-2022-31309 HIGH POC This Week

A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aerial X 1200M Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31308 HIGH POC This Week

A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aerial X 1200M Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31447 HIGH POC This Week

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Magicpin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32363 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32362 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32359 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32358 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32355 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32354 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32353 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-32367 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32366 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32365 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32364 HIGH POC This Week

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Show Room Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32351 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32350 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32349 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32348 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32347 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32345 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32344 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32343 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32342 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32341 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32340 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32339 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32338 HIGH POC This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32335 HIGH POC This Week

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32334 HIGH POC This Week

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32333 HIGH POC This Week

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32332 HIGH POC This Week

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32331 HIGH POC This Week

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32330 HIGH POC This Week

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fast Food Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-40649 MEDIUM POC This Month

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connx
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-40650 MEDIUM POC This Month

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connx
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-30931 MEDIUM POC This Month

Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Employee Leaves Management System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-31415 MEDIUM POC This Month

Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Fire Reporting System
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31403 MEDIUM POC This Month

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy