Skip to main content
CVE-2022-2297 HIGH POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Clinic S Patient Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
3.3%
CVE-2022-2298 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Clinic S Patient Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-38289 HIGH POC This Week

An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Novaicare
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-1025 HIGH POC PATCH This Week

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-36667 HIGH POC PATCH This Week

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Python Apple Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-36668 HIGH POC This Week

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Code Injection Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-36665 HIGH POC This Week

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Deserialization Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-36666 HIGH POC This Week

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-2263 HIGH POC This Week

A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Booking
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-2262 HIGH POC This Week

A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Booking
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-30517 MEDIUM POC This Month

Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mogublog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-25875 MEDIUM POC PATCH This Month

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Svelte
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-34819 CRITICAL PATCH Act Now

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Simatic Cp 1242 7 V2 Firmware Simatic Cp 1243 1 Firmware Simatic Cp 1243 7 Lte Eu Firmware +12
NVD
CVSS 3.1
10.0
EPSS
1.9%
CVE-2022-35628 CRITICAL PATCH Act Now

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Living User Experience
NVD
CVSS 3.1
9.8
EPSS
26.3%
CVE-2022-29601 CRITICAL PATCH Act Now

The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Seminars
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29600 CRITICAL PATCH Act Now

The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Oelib
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-22997 CRITICAL Act Now

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection My Cloud Home Duo Firmware My Cloud Home Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31105 CRITICAL PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2022-26649 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X204 2 Firmware Scalance X204 2Fm Firmware Scalance X204 2Ld Firmware +26
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2022-2364 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Parking Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2293 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Sales Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2292 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hotel Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2291 MEDIUM POC This Month

A vulnerability was found in SourceCodester Hotel Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hotel Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34737 CRITICAL Act Now

The application security module has a vulnerability in permission assignment. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-30221 HIGH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-30216 HIGH This Week

Windows Server Service Tampering Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft File Upload Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
8.8
EPSS
88.6%
CVE-2022-22026 HIGH This Week

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Buffer Overflow Windows 10 Windows 11 +8
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-35228 HIGH This Week

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-31593 HIGH This Week

SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection SAP Business One
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-2385 HIGH PATCH This Week

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Aws Iam Authenticator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-34821 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Siemens RCE Code Injection Simatic Cp 1242 7 V2 Firmware Simatic Cp 1243 1 Firmware +13
NVD
CVSS 4.0
8.8
EPSS
2.2%
CVE-2022-26647 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Information Disclosure Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware Scalance X201 3P Irt Pro Firmware +26
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-2363 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Parking Management System
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-30222 HIGH This Week

Windows Shell Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2022-34820 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Simatic Cp 1242 7 V2 Firmware Simatic Cp 1243 1 Firmware Simatic Cp 1243 7 Lte Eu Firmware +12
NVD
CVSS 3.1
8.4
EPSS
2.0%
CVE-2022-33674 HIGH This Week

Azure Site Recovery Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2022-26648 HIGH PATCH This Week

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Siemens Buffer Overflow Scalance X204 2 Firmware Scalance X204 2Fm Firmware Scalance X204 2Ld Firmware +26
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2022-22038 HIGH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Windows 10 Windows 11 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2022-22029 HIGH This Week

Windows Network File System Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
8.1
EPSS
5.1%
CVE-2022-24800 HIGH PATCH This Week

October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

PHP Race Condition RCE October
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-34663 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100,. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ruggedcom Ros
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-33137 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3),. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Simatic Mv540 H Firmware Simatic Mv540 S Firmware Simatic Mv550 H Firmware Simatic Mv550 S Firmware +2
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-33675 HIGH This Week

Azure Site Recovery Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-30220 HIGH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
5.1%
CVE-2022-30206 HIGH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2022-22050 HIGH This Week

Windows Fax Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-22049 HIGH This Week

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Microsoft Buffer Overflow Windows 10 Windows 11 +8
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-22047 HIGH KEV PATCH THREAT This Week

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
18.8%
CVE-2022-22045 HIGH This Week

Windows.Devices.Picker.dll Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-22043 HIGH This Week

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy