Skip to main content
CVE-2022-34972 CRITICAL POC Act Now

So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi So Filter Shop By
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-32413 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dice
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-32311 CRITICAL POC Act Now

Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ingredient Stock Management System
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-32310 CRITICAL POC Act Now

An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Ingredient Stock Management System
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31856 CRITICAL POC Act Now

Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Newsletter Module
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-2321 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nakama
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31836 CRITICAL POC PATCH Act Now

The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Beego
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-34878 HIGH POC PATCH This Week

SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Vicidial
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2022-34877 HIGH POC PATCH This Week

SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Vicidial
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2022-34876 HIGH POC PATCH This Week

SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Vicidial
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-2304 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-31116 HIGH POC PATCH This Week

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Ultrajson Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-2309 HIGH POC PATCH This Week

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Lxml Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-2306 HIGH POC PATCH This Week

Old session tokens can be used to authenticate to the application and send authenticated requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nakama
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-33075 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoo Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-33743 HIGH PATCH This Week

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31014 LOW POC PATCH Monitor

Nextcloud server is an open source personal cloud server. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
2.4%
CVE-2022-30290 HIGH PATCH This Week

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opencti
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33742 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Debian Linux Linux Kernel Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-33741 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Debian Linux Linux Kernel Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-33740 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Fedora Debian Linux Linux Kernel Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-26365 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Kernel Xen Debian Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-34879 MEDIUM This Month

Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Vicidial
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31117 MEDIUM PATCH This Month

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Ultrajson Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.7%
CVE-2022-30289 MEDIUM PATCH This Month

A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Opencti
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2097 MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora Active Iq Unified Manager Clustered Data Ontap Antivirus Connector +7
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2022-31770 MEDIUM This Month

IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM App Connect Enterprise Certified Container
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-33744 MEDIUM PATCH This Month

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy