Skip to main content
CVE-2022-35925 CRITICAL POC PATCH Act Now

BookWyrm is a social network for tracking reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Authentication Bypass Bookwyrm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-34613 CRITICAL POC Act Now

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mealie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-35422 CRITICAL POC Act Now

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Quiz System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34956 CRITICAL POC Act Now

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pligg Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34955 CRITICAL POC Act Now

Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pligg Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34954 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34953 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34952 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34951 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34950 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34949 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34948 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34947 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34946 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34945 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2631 HIGH POC PATCH This Week

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Tooljet
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-37035 HIGH POC This Week

An issue was discovered in bgpd in FRRouting (FRR) 8.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Race Condition Information Disclosure Frrouting
NVD GitHub
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-35923 HIGH POC PATCH This Week

v8n is a javascript validation library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service V8N
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-34924 HIGH POC This Week

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Landray Office Automation
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-25867 HIGH POC PATCH This Week

The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Socket Io Client Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29154 HIGH POC This Week

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Fedora
NVD GitHub
CVSS 3.1
7.4
EPSS
1.7%
CVE-2022-34625 HIGH POC This Week

Mealie1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mealie
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2022-35421 HIGH POC This Week

Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-30285 CRITICAL Act Now

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-29807 CRITICAL Act Now

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Kace Systems Management Appliance
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-35223 CRITICAL Act Now

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Mailhunter Ultimate
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34619 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mealie
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34618 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mealie
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-35924 CRITICAL PATCH Act Now

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-35217 HIGH This Week

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Health Insurance Web Service Component
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29808 HIGH This Week

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-35222 MEDIUM This Month

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Hicos Natural Person Credential Component Client
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-30572 MEDIUM This Month

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Iway Service Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-35220 MEDIUM This Month

Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Team Pro
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-36967 MEDIUM This Month

In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ipswitch Ws Ftp Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1293 MEDIUM This Month

The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citadel
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-33917 MEDIUM This Month

An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35219 MEDIUM This Month

The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Health Insurance Web Service Component
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-35218 MEDIUM This Month

The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Health Insurance Web Service Component
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-30571 MEDIUM This Month

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iway Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35221 MEDIUM This Month

Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Team Pro
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-23733 MEDIUM This Month

A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36968 MEDIUM This Month

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ipswitch Ws Ftp Server
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy