Skip to main content
CVE-2022-32995 CRITICAL POC THREAT Act Now

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
15.9%
CVE-2022-32994 CRITICAL POC THREAT Act Now

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Halo
NVD GitHub
CVSS 3.1
9.8
EPSS
16.7%
CVE-2022-32092 CRITICAL POC Act Now

D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 645 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2022-28171 CRITICAL POC THREAT Act Now

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Command Injection Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +8
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
49.9%
CVE-2022-2216 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Parse Url
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-1574 CRITICAL POC THREAT Act Now

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Html2Wp
NVD WPScan
CVSS 3.1
9.8
EPSS
11.9%
CVE-2022-1953 CRITICAL POC Act Now

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Product Configurator For Woocommerce
NVD WPScan
CVSS 3.1
9.1
EPSS
1.7%
CVE-2022-31101 HIGH POC PATCH THREAT This Week

prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Blockwishlist
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
24.1%
CVE-2022-33007 HIGH POC This Week

TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tew 752Dru Firmware Tew 751Dr Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2214 HIGH POC This Week

A vulnerability was found in SourceCodester Library Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2212 HIGH POC This Week

A vulnerability was found in SourceCodester Library Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Library Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-31092 HIGH POC PATCH This Week

Pimcore is an Open Source Data & Experience Management Platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SQLi Apple Pimcore
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2022-31084 HIGH POC PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.3%
CVE-2022-1903 HIGH POC This Week

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Armember
NVD WPScan
CVSS 3.1
8.1
EPSS
8.5%
CVE-2022-1572 HIGH POC This Week

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Html2Wp
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-2210 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-2207 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-0722 HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Parse Url
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1977 HIGH POC This Week

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Import All Pages Post Types Products Orders And Users As Xml Csv
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-33116 MEDIUM POC PATCH This Month

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Openeclass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-31081 MEDIUM POC PATCH This Month

HTTP::Daemon is a simple http server class written in perl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apache Nginx Request Smuggling Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-1843 MEDIUM POC This Month

The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mailpress
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-21161 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zonedirector Firmware
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-33005 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Diaenergie
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2218 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Parse Url
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-2217 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Parse Url
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1916 MEDIUM POC This Month

The Active Products Tables for WooCommerce. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woot
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-1904 MEDIUM POC This Month

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Pricing Tables
NVD WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-1593 MEDIUM POC This Month

The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Site Offline Or Coming Soon
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1470 MEDIUM POC This Month

The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ultimate Woocommerce Csv Importer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31082 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Glpi Inventory
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31076 MEDIUM POC PATCH This Month

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Kubernetes Null Pointer Dereference Kubeedge
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-2208 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-31064 MEDIUM POC PATCH This Month

BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bigbluebutton
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-2041 MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2040 MEDIUM POC This Month

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Brizy
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1964 MEDIUM POC This Month

The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Svg Support
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1776 MEDIUM POC This Month

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popups Welcome Bar Optins And Lead Generation Plugin
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2213 MEDIUM POC This Month

A vulnerability was found in SourceCodester Library Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Library Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2140 CRITICAL Act Now

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Smartics
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2022-33009 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-31086 HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-1995 MEDIUM POC This Month

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Malware Scanner
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1994 MEDIUM POC This Month

The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Login With Otp Over Sms Email Whatsapp And Google Authenticator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1990 MEDIUM POC This Month

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nested Pages
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1971 MEDIUM POC This Month

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nextcellent Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1327 MEDIUM POC This Month

The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Image Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1326 MEDIUM POC This Month

The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Form Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1321 MEDIUM POC This Month

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Authenticator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1113 MEDIUM POC This Month

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Flower Delivery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy