Skip to main content
CVE-2022-2595 CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Titra
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2022-31188 CRITICAL POC PATCH THREAT Act Now

CVAT is an opensource interactive video and image annotation tool for computer vision. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Computer Vision Annotation Tool
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
47.8%
CVE-2022-31183 CRITICAL POC PATCH Act Now

fs2 is a compositional, streaming I/O library for Scala. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Fs2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31181 CRITICAL POC PATCH Act Now

PrestaShop is an Open Source e-commerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Prestashop
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-31180 CRITICAL POC PATCH Act Now

Shescape is a simple shell escape package for JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Shescape
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31179 CRITICAL POC PATCH Act Now

Shescape is a simple shell escape package for JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Code Injection Shescape
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-2317 CRITICAL POC Act Now

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Simple Membership
NVD WPScan
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1950 CRITICAL POC Act Now

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Youzify
NVD WPScan
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-34567 HIGH POC This Week

An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Multi Image Analysis Gui
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-2273 HIGH POC This Week

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Simple Membership
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2245 HIGH POC This Week

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Counter Box
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2184 HIGH POC This Week

The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF WordPress Path Traversal Captcha 4Wp
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2581 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2580 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2571 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-37315 HIGH POC PATCH This Week

graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphql Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35920 HIGH POC PATCH This Week

Sanic is an opensource python web server/framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Sanic
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-31173 HIGH POC PATCH This Week

Juniper is a GraphQL server library for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Juniper Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1585 HIGH POC This Week

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal PHP Project Source Code Download
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-2591 HIGH POC This Week

A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Flex 1085 Firmware
NVD VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
6.7%
CVE-2022-2370 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Yaysmtp
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2260 MEDIUM POC This Month

The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Givewp
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-2589 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2241 MEDIUM POC This Month

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Featured Image From Url
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2181 MEDIUM POC This Month

The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Advanced Wordpress Reset
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1906 MEDIUM POC This Month

The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Copyright Proof
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-2596 MEDIUM POC PATCH This Month

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Node Fetch
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-26437 CRITICAL Act Now

In httpclient, there is a possible out of bounds write due to uninitialized data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Nbiot Sdk
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27255 CRITICAL Act Now

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ecos Rsdk Firmware Ecos Msdk Firmware
NVD
CVSS 3.1
9.8
EPSS
37.1%
CVE-2022-2598 MEDIUM POC PATCH This Month

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-2171 MEDIUM POC This Month

The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Progressive License
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1600 MEDIUM POC This Month

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Yop Poll
NVD WPScan
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-31321 CRITICAL Act Now

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bolt
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-31775 CRITICAL PATCH Act Now

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Datapower Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-34161 HIGH PATCH This Week

IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Cics Tx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-34154 HIGH This Week

Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Enable Svg Webp Ico Upload
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2328 MEDIUM POC This Month

The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Flexi Quote Rotator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2325 MEDIUM POC This Month

The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Invitation Based Registrations
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2305 MEDIUM POC This Month

The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popups
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2278 MEDIUM POC This Month

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Featured Image From Url
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2215 MEDIUM POC This Month

The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Givewp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2170 MEDIUM POC This Month

The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS WordPress Microsoft Advertising Universal Event Tracking
NVD WPScan
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-26310 HIGH This Week

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-26309 HIGH This Week

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-1324 MEDIUM POC This Month

The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Event Timeline
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-0598 MEDIUM POC This Month

The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Login With Phone Number
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-31776 HIGH PATCH This Week

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Datapower Gateway
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-2369 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Yaysmtp
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-26429 HIGH This Week

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-35922 HIGH PATCH This Week

Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rust Websocket Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy