Skip to main content
CVE-2022-2128 CRITICAL POC PATCH Act Now

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Trudesk
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-31795 CRITICAL POC Act Now

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eternus Cs8000 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-31794 CRITICAL POC Act Now

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eternus Cs8000 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-1905 CRITICAL POC THREAT Act Now

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Events Made Easy
NVD WPScan
CVSS 3.1
9.8
EPSS
37.4%
CVE-2022-2023 CRITICAL POC PATCH Act Now

Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-1720 HIGH POC PATCH This Week

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Debian Linux Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2022-33913 HIGH POC This Week

In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Mahara
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-1801 HIGH POC This Week

The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Very Simple Contact Form
NVD WPScan
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-1614 HIGH POC This Week

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Wp Email
NVD WPScan
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1939 HIGH POC This Week

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress File Upload Allow Svg Files
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-1472 HIGH POC This Week

The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Better Find And Replace
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-2134 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository inventree/inventree prior to 0.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Inventree
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1832 MEDIUM POC This Month

The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Capa Protect
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1831 MEDIUM POC This Month

The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wplite
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1830 MEDIUM POC This Month

The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Amazon Einzeltitellinks
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1829 MEDIUM POC This Month

The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS CSRF WordPress Inline Google Maps
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1828 MEDIUM POC This Month

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pdf24 Articles To Pdf
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1827 MEDIUM POC This Month

The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pdf24 Articles To Pdf
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1826 MEDIUM POC This Month

The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Cross Linker
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1630 MEDIUM POC This Month

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Email
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1610 MEDIUM POC This Month

The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Seamless Donations
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2130 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-22318 CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-22317 CRITICAL PATCH Act Now

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Curam Social Program Management
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-1818 MEDIUM POC This Month

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Multi Page Toolkit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-31062 MEDIUM POC This Month

### Impact A plugin public script can be used to read content of system files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Glpi Inventory
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
5.6%
CVE-2022-1945 MEDIUM POC This Month

The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Coming Soon Maintenance Mode
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1915 MEDIUM POC This Month

The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Zillow Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1896 MEDIUM POC This Month

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Underconstruction
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1889 MEDIUM POC This Month

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Newsletter
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1717 MEDIUM POC This Month

The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Custom Share Buttons With Floating Sidebar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1266 MEDIUM POC This Month

The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Grid Slider Carousel Ultimate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0663 MEDIUM POC This Month

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Print Pdf Email By Printfriendly
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1895 MEDIUM POC This Month

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Underconstruction
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1603 MEDIUM POC This Month

The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mail Subscribe List
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1824 HIGH This Week

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Consumer Product Removal Tool
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-1823 HIGH This Week

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Consumer Product Removal Tool
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26669 MEDIUM This Month

ASUS Control Center is vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Control Center
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-26668 MEDIUM This Month

ASUS Control Center API has a broken access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control Center
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-21742 MEDIUM This Month

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rtl8156 Firmware Rtl8156B Firmware Rtl8153 Firmware Rtl8153B Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-25772 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mautic
NVD GitHub
CVSS 3.1
6.1
EPSS
61.4%
CVE-2022-31734 MEDIUM This Month

Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Ws C2940 8Tf S Firmware Ws C2940 8Tt S Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22414 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32983 MEDIUM PATCH This Month

Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Knot Resolver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy