Skip to main content
CVE-2022-20828 HIGH POC THREAT Act Now

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Asa Firepower
NVD
CVSS 3.1
7.2
EPSS
48.3%
CVE-2022-32405 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32404 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32403 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32402 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32401 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32399 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32398 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32397 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32396 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32395 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32394 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32393 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32392 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32391 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-33121 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Minicms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-20829 HIGH POC This Week

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cisco Isa 3000 Firmware Asa 5585 X Firmware Asa 5512 X Firmware +2
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2022-32400 HIGH POC This Week

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Prison Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-32143 HIGH This Week

In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32138 HIGH This Week

In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-32137 HIGH This Week

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-32142 HIGH This Week

Multiple CODESYS Products are prone to a out-of bounds read or write access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-1965 HIGH This Week

Multiple products of CODESYS implement a improper error handling. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-21046 HIGH This Week

A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Eagleget
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28619 HIGH This Week

A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Control Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32530 HIGH This Week

A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Geo Scada Mobile
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1746 HIGH This Week

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagecast X
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2022-22390 HIGH This Week

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Privilege Escalation Microsoft Information Disclosure Db2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2102 HIGH This Week

Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1667 HIGH This Week

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31805 HIGH This Week

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Development System Edge Gateway Gateway Hmi Sl +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31804 HIGH This Week

The CODESYS Gateway Server V2 does not verifiy that the size of a request is within expected limits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gateway
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy