Skip to main content
CVE-2022-32301 CRITICAL POC Act Now

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Youdiancms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-32101 CRITICAL POC Act Now

kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Kkcms
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-32991 HIGH POC This Week

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Quiz System
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-32302 HIGH POC This Week

Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Theme Park Ticketing System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-32300 HIGH POC This Week

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Youdiancms
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-32299 HIGH POC This Week

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Youdiancms
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2086 HIGH POC THREAT This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bank Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
19.0%
CVE-2022-32372 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32371 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32370 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32374 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32373 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32368 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32433 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-32381 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32380 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32379 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32378 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32377 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32376 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32375 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32992 HIGH POC This Week

Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-41672 MEDIUM POC This Month

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Peel Shopping
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-32158 CRITICAL Act Now

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Splunk
NVD
CVSS 3.1
10.0
EPSS
1.4%
CVE-2022-30136 CRITICAL PATCH Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
9.8
EPSS
74.7%
CVE-2022-20825 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Denial Of Service Stack Overflow Cisco +4
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-20798 CRITICAL Act Now

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance Secure Email And Web Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-20733 CRITICAL Act Now

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Identity Services Engine
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-20210 CRITICAL Act Now

The UE and the EMM communicate with each other using NAS messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-20191 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20173 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20171 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20170 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20167 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20164 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20160 CRITICAL Act Now

Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20145 CRITICAL Act Now

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
6.5%
CVE-2022-20140 CRITICAL Act Now

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
8.6%
CVE-2022-20130 CRITICAL Act Now

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
8.4%
CVE-2022-20127 CRITICAL Act Now

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2022-24127 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Redcap
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24004 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Redcap
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-29406 MEDIUM POC This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Team Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-27859 MEDIUM POC This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nd Travel
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-32151 CRITICAL Act Now

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Python Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-30165 HIGH PATCH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-30161 HIGH PATCH This Week

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2022-30158 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2022-30157 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2022-30153 HIGH PATCH This Week

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
8.8
EPSS
2.3%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy