Skip to main content
CVE-2022-33107 CRITICAL POC THREAT Act Now

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
22.3%
CVE-2022-33037 HIGH POC This Week

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Orwell Dev Cpp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33036 HIGH POC This Week

A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dev C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-33035 HIGH POC This Week

XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xlpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31110 HIGH POC PATCH This Week

RSSHub is an open source, extensible RSS feed generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rsshub
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-33021 HIGH POC This Week

CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Cva6
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-34043 HIGH POC This Week

Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Nomachine
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-33060 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33059 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33058 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33057 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-2073 HIGH POC PATCH THREAT This Week

Code Injection in GitHub repository getgrav/grav prior to 1.7.34. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
10.4%
CVE-2022-33042 HIGH POC This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30467 MEDIUM POC This Month

Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Wolf 2022 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.9%
CVE-2022-31897 MEDIUM POC This Month

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoo Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-2252 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-29272 MEDIUM POC This Month

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nagios Xi
NVD GitHub
CVSS 3.1
6.1
EPSS
3.9%
CVE-2022-32532 CRITICAL PATCH Act Now

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Shiro
NVD
CVSS 3.1
9.8
EPSS
25.4%
CVE-2022-33639 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2022-33638 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
2.3%
CVE-2022-30192 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
2.6%
CVE-2022-33023 HIGH This Week

CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cva6
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-33061 HIGH This Week

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Railway Reservation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-31058 HIGH PATCH This Week

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Tuleap
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-29271 MEDIUM This Month

In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nagios Xi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-29269 MEDIUM This Month

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2022-32969 MEDIUM PATCH This Month

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Mozilla Information Disclosure Metamask
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2022-31063 MEDIUM PATCH This Month

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-28803 MEDIUM PATCH This Month

In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Silverstripe
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-31032 MEDIUM PATCH This Month

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-31266 MEDIUM This Month

In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ilias
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-29270 MEDIUM This Month

In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nagios Xi
NVD GitHub
CVSS 3.1
4.3
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy